Vendor CVEs
Gogs
All CVEs
66 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39933 | | | 0.00 | — | 0.01 | | Jul 4, 2024 | Gogs through 0.13.0 allows argument injection during the tagging of a new release. |
| CVE-2022-32174 | | | 0.00 | — | 0.58 | | Oct 11, 2022 | In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. |
| CVE-2022-1986 | | | 0.00 | — | 0.04 | | Jun 9, 2022 | OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. |
| CVE-2022-31038 | | | 0.00 | — | 0.01 | | Jun 8, 2022 | Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which… |
| CVE-2022-1993 | | | 0.00 | — | 0.51 | | Jun 8, 2022 | Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. |
| CVE-2022-1992 | | | 0.00 | — | 0.02 | | Jun 8, 2022 | Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. |
| CVE-2022-1285 | | | 0.00 | — | 0.01 | | Jun 1, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. |
| CVE-2021-32546 | | | 0.00 | — | 0.02 | | May 31, 2022 | Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that… |
| CVE-2022-1464 | | | 0.00 | — | 0.01 | | May 5, 2022 | Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when the attachment is opened the XSS is executed. This bug allows execution of any JavaScript code in the victim's account. |
| CVE-2022-0415 | | | 0.00 | — | 0.65 | | Mar 21, 2022 | Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. |
| CVE-2022-0870 | | | 0.00 | — | 0.03 | | Mar 11, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. |
| CVE-2022-0871 | | | 0.00 | — | 0.01 | | Mar 11, 2022 | Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. |
| CVE-2020-9329 | | | 0.00 | — | 0.01 | | Feb 21, 2020 | Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. |
| CVE-2014-8683 | | | 0.00 | — | 0.02 | | Nov 21, 2014 | Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown. |
| CVE-2014-8682 | | | 0.00 | — | 0.34 | | Nov 21, 2014 | Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2)… |
| CVE-2014-8681 | | | 0.00 | — | 0.05 | | Nov 21, 2014 | SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues. |
Page 2 of 2