| Reporter | Title | Published | Views | Family All 262 |
|---|---|---|---|---|
| Exploit for Path Traversal in Gogs | 11 Apr 2026 22:40 | – | githubexploit | |
| Exploit for Path Traversal in Gogs | 14 Apr 2026 11:03 | – | githubexploit | |
| Exploit for Code Injection in Craftcms Craft_Cms | 8 Mar 2026 16:59 | – | githubexploit | |
| Exploit for Path Traversal in Gogs | 20 May 2026 12:54 | – | githubexploit | |
| Exploit for Path Traversal in Gogs | 11 Apr 2026 20:28 | – | githubexploit | |
| Exploit for Path Traversal in Gogs | 15 Apr 2026 09:17 | – | githubexploit | |
| Exploit for CVE-2025-8110 | 31 Dec 2025 13:25 | – | githubexploit | |
| CVE-PoC | 18 May 2026 15:57 | – | githubexploit | |
| Exploit for Path Traversal in Gogs | 13 Apr 2026 05:42 | – | githubexploit | |
| Exploit for Path Traversal in Gogs | 11 Apr 2026 23:10 | – | githubexploit |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Plugin registration block. When the script is loaded with `description` set,
# it only records the metadata below and then exits (see exit(0) at the end);
# the version check itself lives after this block.
if (description)
{
script_id(286268);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/19");
# One plugin covers eight CVEs; a single finding therefore stands for all of
# them and triage should walk the advisories listed under see_also.
script_cve_id(
"CVE-2025-8110",
"CVE-2025-64111",
"CVE-2025-64175",
"CVE-2025-65852",
"CVE-2026-22592",
"CVE-2026-23632",
"CVE-2026-23633",
"CVE-2026-24135"
);
# At least one covered CVE is in the CISA Known Exploited Vulnerabilities list.
# NOTE(review): the date is presumably the KEV remediation due date - confirm.
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/02/02");
script_name(english:"Gogs <= 0.13.3 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"Gogs, a self-hosted Git service, detected on the remote host is affected by multiple vulnerabilities.");
# The description states the key limitation: the finding rests on the version
# Gogs reports about itself, not on an active test of any of the issues.
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the instance of Gogs running on the remote host is prior or equal to 0.13.3.
It is, therefore, affected by multiple vulnerabilities, including:
- Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code. (CVE-2025-8110)
- Due to the insufficient patch for CVE-2024-56731, it is still possible to update files in the .git directory and
achieve remote command execution. (CVE-2025-64111)
- An arbitrary file read/write via path traversal exists in Git hook editing. (CVE-2026-23633)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# Each see_also value is a shortened nessus.org link; the comment line above it
# gives the full URL of the write-up or vendor advisory it points to.
# https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?91c306a5");
# https://www.openwall.com/lists/oss-security/2025/12/11/3
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5f5652a6");
# https://www.openwall.com/lists/oss-security/2025/12/11/4
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d9d3ddd");
# https://github.com/gogs/gogs/security/advisories/GHSA-mrph-w4hh-gx3g
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5d73718c");
# https://github.com/gogs/gogs/security/advisories/GHSA-5qhx-gwfj-6jqr
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?87b3c579");
# https://github.com/gogs/gogs/security/advisories/GHSA-jp7c-wj6q-3qf2
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4e997992");
# https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bb6f4624");
# https://github.com/gogs/gogs/security/advisories/GHSA-rjv5-9px2-fqw6
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a923ded6");
# https://github.com/gogs/gogs/security/advisories/GHSA-26gq-grmh-6xm6
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?32354b22");
# https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-26wj
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9387220e");
# https://github.com/gogs/gogs/security/advisories/GHSA-gg64-xxr9-qhjp
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6bbce646");
# No fixed release is named here; the remediation target has to be taken from
# the vendor advisories referenced above.
script_set_attribute(attribute:"solution", value:
"See vendor advisory.");
# Base vectors describe a network-reachable issue needing no privileges or user
# interaction, with full confidentiality/integrity/availability impact. They are
# taken from CVE-2025-64111 (see cvss_score_source below), so they are not a
# per-CVE rating for the other seven identifiers.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# E:F (functional exploit) here and E:A (attacked) in the CVSS 4.0 threat vector
# agree with the exploit_available and CISA-KNOWN-EXPLOITED metadata.
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:Y/R:U/V:C");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-64111");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/10");
script_set_attribute(attribute:"patch_publication_date", value:"2025/12/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:gogs:gogs");
script_end_attributes();
# Registered as an information-gathering check, consistent with the
# version-only approach stated in the description text.
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: the Gogs detection plugin, the installed_sw/Gogs key and a
# web port (3000 is listed explicitly).
# NOTE(review): presumably the check is skipped when detection did not record
# a Gogs install, so no finding is not proof of absence - confirm.
script_dependencies("gogs_detect.nbin");
script_require_keys("installed_sw/Gogs");
script_require_ports("Services/www", 3000);
exit(0);
}
include('vcf.inc');
include('http.inc');
# Check body: pick the web port, load the detected Gogs install and compare its
# version against the affected range. Nothing here probes the flaws themselves.
# NOTE(review): php:TRUE asks get_http_port for a port able to host PHP, while
# Gogs is a Go application - confirm the flag is intended and cannot cause the
# check to be skipped on a real Gogs port.
var port = get_http_port(default:3000, php:TRUE);
var app_info = vcf::get_app_info(app:'Gogs', port:port, webapp:TRUE);
# Requires a three-segment version before comparing.
# NOTE(review): presumably the plugin audits out rather than guessing when the
# detected version is less specific (e.g. only "0.13") - confirm.
vcf::check_granularity(app_info:app_info, sig_segments:3);
# A single range, 0.0 through 0.13.3, with max_version rather than a fixed
# version: the report can only show 'See vendor advisory' as the fix. A build
# patched without a version bump would presumably still be flagged, and an
# instance that hides or alters its version would not be assessed correctly.
var constraints = [
{ 'min_version' : '0.0', 'max_version' : '0.13.3', 'fixed_display' : 'See vendor advisory' }
];
# Reports at SECURITY_HOLE severity when the detected version is in the range.
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);