VYPR

Vendor CVEs

Gogs

All CVEs

66 total · sorted by risk
  • CVE-2024-39933Jul 4, 2024
    risk 0.00cvss epss 0.01

    Gogs through 0.13.0 allows argument injection during the tagging of a new release.

  • CVE-2022-32174Oct 11, 2022
    risk 0.00cvss epss 0.58

    In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

  • CVE-2022-1986Jun 9, 2022
    risk 0.00cvss epss 0.04

    OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.

  • CVE-2022-31038Jun 8, 2022
    risk 0.00cvss epss 0.01

    Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which…

  • CVE-2022-1993Jun 8, 2022
    risk 0.00cvss epss 0.51

    Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

  • CVE-2022-1992Jun 8, 2022
    risk 0.00cvss epss 0.02

    Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

  • CVE-2022-1285Jun 1, 2022
    risk 0.00cvss epss 0.01

    Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

  • CVE-2021-32546May 31, 2022
    risk 0.00cvss epss 0.02

    Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that…

  • CVE-2022-1464May 5, 2022
    risk 0.00cvss epss 0.01

    Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .

  • CVE-2022-0415Mar 21, 2022
    risk 0.00cvss epss 0.65

    Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.

  • CVE-2022-0870Mar 11, 2022
    risk 0.00cvss epss 0.03

    Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.

  • CVE-2022-0871Mar 11, 2022
    risk 0.00cvss epss 0.01

    Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.

  • CVE-2020-9329Feb 21, 2020
    risk 0.00cvss epss 0.01

    Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.

  • CVE-2014-8683Nov 21, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.

  • CVE-2014-8682Nov 21, 2014
    risk 0.00cvss epss 0.34

    Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2)…

  • CVE-2014-8681Nov 21, 2014
    risk 0.00cvss epss 0.05

    SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.

Page 2 of 2