102 matches found
[SECURITY] Fedora 43 Update: forgejo-runner-12.7.3-2.fc43
The Forgejo Runner is a daemon that fetches workflows to run from a Forgejo instance, executes them, sends back with the logs and ultimately reports its success or failure...
Fedora 43 : forgejo-runner (2026-cf660bc96a)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cf660bc96a advisory. Update vendor dependencies to fix: CVE-2026-33762, CVE-2026-33817, CVE-2026-34165. Tenable has extracted the preceding description block directly from...
PT-2026-28595
Name of the Vulnerable Software and Affected Versions: act versions prior to 0.2.86. Description: act, a project for running GitHub Actions locally, has an issue where the built-in actions/cache server listens on all interfaces, potentially allowing unauthorized access from the internet. This allows...
SUSE CVE-2025-68971
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release)...
CVE-2025-68971
A flaw was found in Forgejo. A remote attacker could exploit this vulnerability in the attachment component by uploading a multi-gigabyte file attachment, such as to an issue or a release. This could lead to a Denial of Service (DoS), making the service unavailable to legitimate users...
[SECURITY] Fedora 44 Update: forgejo-14.0.3-1.fc44
Forgejo (pronounced /forˈd͡ʒe.jo/) is a lightweight software forge. Use it to host git repositories, track their issues and allow people to contribute to them!...
Allocation of Resources Without Limits or Throttling
Overview: codeberg.org/forgejo/forgejo/services/context is a self-hosted lightweight software forge. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in api.go and context.go, which accept attachments of unlimited size, and allocate unlimited...
EUVD-2025-208771
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release)...
CVE-2025-68971
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release)...
CVE-2025-68971
Forgejo up to version 13.0.3 contains a DoS vulnerability in the attachment component: uploading multi‑gigabyte file attachments (e.g., for issues or releases) can exhaust memory and disrupt service. The issue is documented across multiple sources (SUSE, RH, NVD/NVD-derived entries, and vulnerabi...
Forgejo Security Vulnerability
Forgejo is a lightweight Git service. Forgejo versions 13.0.3 and earlier have security vulnerabilities; these vulnerabilities stem from the attachment component allowing the upload of files that can exceed several GB in size, which may lead to denial-of-service attacks...
Fedora: Security Advisory (FEDORA-2026-a4a01fb680)
The remote host is missing an update for the...
[SECURITY] Fedora 43 Update: forgejo-13.0.4-1.fc43
Forgejo (pronounced /forˈd͡ʒe.jo/) is a lightweight software forge. Use it to host git repositories, track their issues and allow people to contribute to them!...
Fedora 43 : forgejo (2026-a4a01fb680)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a4a01fb680 advisory. This is an upstream bug and security fix release. Please view the upstream release notes for more details. Tenable has extracted the preceding description...
CVE-2023-49948
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL...
SUSE CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
FreeBSD : Forgejo -- Symbolic Link (Symlink) Following (963f4e9d-e4d5-11f0-984f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 963f4e9d-e4d5-11f0-984f-b42e991fc52e advisory. https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports:...
CVE-2025-68937
A flaw was found in Forgejo. This vulnerability allows a remote attacker to write to unintended files and potentially gain server shell access. The flaw occurs due to mishandling of symlink destinations that point outside of the repository when processing template repositories. This could lead to...