VYPR
Medium severity6.3OSV Advisory· Published Jun 24, 2025· Updated Apr 15, 2026

CVE-2025-47943

CVE-2025-47943

Description

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/gogs/gogsGo
< 0.13.3-0.20250608224432-110117b2e5e50.13.3-0.20250608224432-110117b2e5e5
gogs.io/gogsGo
< 0.13.3-0.20250608224432-110117b2e5e50.13.3-0.20250608224432-110117b2e5e5

Affected products

4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.