VYPR
Get started
← All advisories
Moderate severityOSV Advisory· Published Dec 26, 2025· Updated Dec 26, 2025

CVE-2025-68946

CVE-2025-68946

Description

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
code.gitea.io/giteaGo
< 1.20.11.20.1

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.