109 matches found
CVE-2026-59102
A flaw was found in Forgejo. This stored cross-site scripting XSS vulnerability allows an authenticated attacker to execute malicious code in other users' web browsers. The flaw occurs when a user's full name, containing specially crafted HTML, is used in an Actions run description without proper...
CVE-2026-59102
Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...
CVE-2026-59102
CVE-2026-59102 affects Forgejo prior to 15.0.3, with a stored XSS in the Actions run page when DEFAULT_SHOW_FULL_NAME is enabled. The description shows that an authenticated attacker can inject an HTML payload into the full name, which is interpolated into an HTML string via a translation functio...
CVE-2026-59102
Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...
EUVD-2026-41433
Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...
CVE-2026-59102 Forgejo < 15.0.3 - Stored XSS via Actions Run Full Name Rendering
Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...
PT-2026-55302
Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 15.0.3 Description Authenticated attackers can execute arbitrary JavaScript in the browsers of other users. This occurs when the DEFAULT SHOW FULL NAME option is enabled and an attacker sets a full name containing an...
[SECURITY] Fedora 43 Update: forgejo-runner-12.7.3-2.fc43
The Forgejo Runner is a daemon that fetches workflows to run from a Forgejo i nstance, executes them, sends back with the logs and ultimately reports its success or failure...
Fedora 43 : forgejo-runner (2026-cf660bc96a)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cf660bc96a advisory. Update vendor dependencies to fix: CVE-2026-33762 CVE-2026-33817 CVE-2026-34165 Tenable has extracted the preceding description block directly from...
PT-2026-28595
Name of the Vulnerable Software and Affected Versions act versions prior to 0.2.86 Description act, a project for running GitHub Actions locally, has an issue where the built-in actions/cache server listens on all interfaces, potentially allowing unauthorized access from the internet. This allows...
SUSE CVE-2025-68971
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...
CVE-2025-68971
A flaw was found in Forgejo. A remote attacker could exploit this vulnerability in the attachment component by uploading a multi-gigabyte file attachment, such as to an issue or a release. This could lead to a Denial of Service DoS, making the service unavailable to legitimate users...
[SECURITY] Fedora 44 Update: forgejo-14.0.3-1.fc44
Forgejo pronounced /for=CB=88d=CD=A1=CA=92e.jo/ is a lightweight software f orge. Use it to host git repositories, track their issues and allow people to contribute to them!...
Allocation of Resources Without Limits or Throttling
Overview codeberg.org/forgejo/forgejo/services/context is a self-hosted lightweight software forge Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in api.go and context.go, which accept attachments of unlimited size, and allocate unlimited...
EUVD-2025-208771
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...
CVE-2025-68971
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...
Forgejo 安全漏洞
Forgejo is a lightweight Git service. Forgejo versions 13.0.3 and earlier have security vulnerabilities; these vulnerabilities stem from the attachment component allowing the upload of files that can exceed several GB in size, which may lead to denial-of-service attacks...
CVE-2025-68971
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...
CVE-2025-68971
Forgejo up to version 13.0.3 contains a DoS vulnerability in the attachment component: uploading multi‑gigabyte file attachments (e.g., for issues or releases) can exhaust memory and disrupt service. The issue is documented across multiple sources (SUSE, RH, NVD/NVD-derived entries, and vulnerabi...
CVE-2025-68971
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment e.g., to be associated with an issue or a release...