Gogs
by Gogs
Source repositories
CVEs (66)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0870 | 0.00 | — | 0.03 | Mar 11, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. | |||
| CVE-2022-0871 | 0.00 | — | 0.01 | Mar 11, 2022 | Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. | |||
| CVE-2020-9329 | 0.00 | — | 0.01 | Feb 21, 2020 | Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. | |||
| CVE-2014-8683 | 0.00 | — | 0.02 | Nov 21, 2014 | Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown. | |||
| CVE-2014-8682 | 0.00 | — | 0.34 | Nov 21, 2014 | Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2)… | |||
| CVE-2014-8681 | 0.00 | — | 0.05 | Nov 21, 2014 | SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues. |
- CVE-2022-0870Mar 11, 2022risk 0.00cvss —epss 0.03
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
- CVE-2022-0871Mar 11, 2022risk 0.00cvss —epss 0.01
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.
- CVE-2020-9329Feb 21, 2020risk 0.00cvss —epss 0.01
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.
- CVE-2014-8683Nov 21, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.
- CVE-2014-8682Nov 21, 2014risk 0.00cvss —epss 0.34
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2)…
- CVE-2014-8681Nov 21, 2014risk 0.00cvss —epss 0.05
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
Page 4 of 4