VYPR

Gogs

by Gogs

Source repositories

CVEs (66)

  • CVE-2026-23632Feb 6, 2026
    risk 0.00cvss epss 0.00

    Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/*" does not require write permissions and allows access with read permission only via repoAssignment(). After passing the permission check, PutContents()…

  • CVE-2026-22592Feb 6, 2026
    risk 0.00cvss epss 0.00

    Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and…

  • CVE-2025-64175Feb 6, 2026
    risk 0.00cvss epss 0.00

    Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g.,…

  • CVE-2025-64111Feb 6, 2026
    risk 0.00cvss epss 0.01

    Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and…

  • CVE-2024-56731Jun 24, 2025
    risk 0.00cvss epss 0.01

    Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands…

  • CVE-2024-55947Dec 23, 2024
    risk 0.00cvss epss 0.75

    Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.

  • CVE-2024-54148Dec 23, 2024
    risk 0.00cvss epss 0.01

    Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.

  • CVE-2022-1884Nov 15, 2024
    risk 0.00cvss epss 0.02

    A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the…

  • CVE-2024-39932Jul 4, 2024
    risk 0.00cvss epss 0.17

    Gogs through 0.13.0 allows argument injection during the previewing of changes.

  • CVE-2024-39930Jul 4, 2024
    risk 0.00cvss epss 0.07

    The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server…

  • CVE-2024-39933Jul 4, 2024
    risk 0.00cvss epss 0.01

    Gogs through 0.13.0 allows argument injection during the tagging of a new release.

  • CVE-2022-32174Oct 11, 2022
    risk 0.00cvss epss 0.58

    In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

  • CVE-2022-1986Jun 9, 2022
    risk 0.00cvss epss 0.04

    OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.

  • CVE-2022-31038Jun 8, 2022
    risk 0.00cvss epss 0.01

    Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which…

  • CVE-2022-1993Jun 8, 2022
    risk 0.00cvss epss 0.51

    Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

  • CVE-2022-1992Jun 8, 2022
    risk 0.00cvss epss 0.02

    Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

  • CVE-2022-1285Jun 1, 2022
    risk 0.00cvss epss 0.01

    Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

  • CVE-2021-32546May 31, 2022
    risk 0.00cvss epss 0.02

    Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that…

  • CVE-2022-1464May 5, 2022
    risk 0.00cvss epss 0.01

    Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .

  • CVE-2022-0415Mar 21, 2022
    risk 0.00cvss epss 0.65

    Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.