1180 matches found
Gitea 1.22.0 - Cross-Site Scripting
Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session. id: CVE-2024-6886 info: name: Gitea 1.22.0 - Cross-Site Scripting...
Gitea < 1.4.3 - Open Redirect
Gitea before version 1.4.3 is affected by URL Redirection to Untrusted Site 'Open Redirect' via internal URLs. The vulnerability exists in the redirectto parameter used on the login page /user/login. Due to improper validation of the redirect URL, an attacker can craft a malicious link that...
Gitea <1.16.5 - Open Redirect
Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-1058 info: name: Gitea 1.16.5 - Open Redire...
Gitea 1.1.0 - 1.12.5 - Remote Code Execution
Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...
Gitea Container Registry - Unauthorized Private Image Access
Gitea = 1.26.2. As a temporary workaround, set REQUIRESIGNINVIEW=true in gitea app.ini, though this blocks all anonymous access including public repos. reference: - https://blog.gitea.com/release-of-1.26.2/ - https://github.com/go-gitea/gitea/pull/37290 -...
Exploit for CVE-2026-28699
CVE-2026-28699 — Gitea OAuth2 Scope Bypass via HTTP Basic Auth...
PT-2026-48628
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description Gitea fails to enforce OAuth2 access token scopes when a token is submitted via HTTP Basic authentication instead of a Bearer token. This occurs because the authentication process in...
CVE-2026-28699
creationtimestamp| type| source ---|---|--- 2026-06-05 22:22:25+00:00| published-proof-of-concept| https://github.com/go-gitea/gitea/security/advisories/GHSA-9r5x-wg6m-x2rc 2026-06-11 09:00:04+00:00| published-proof-of-concept| Telegram/X3d0ovB01fXeFh1HIc4iOWU-yKPAhiRlXClKZPas190B7A 2026-06-11...
GHSA-WRH2-89VG-4J9G vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
GHSA-W9P8-PVXH-RXPJ vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
GHSA-M9X8-M34X-FJ9Q vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
GHSA-CG87-VWWH-XVGJ vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
GHSA-5CV4-JP36-H3MW vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
CVE-2026-42506 vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
CVE-2026-25680 vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
CVE-2026-27136 vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
CVE-2026-42502 vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
CVE-2026-25681 vulnerabilities
Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...
ROS-20260529-73-0003
The vulnerability in Gitea is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...
Exploit for CVE-2026-27771
CVE-2026-27771 — Gitea Container Registry Auth Bypass CVSS:...