Lucene search
K

46 matches found

Github Security Blog
Github Security Blog
added 6 days ago14 views

How GitHub gave every repository a durable owner

GitHub has over 14,000 repositories across our primary internal GitHub organization. As of early 2025, there were over 11,000 non-archived repositories, the vast majority of which with no clear owner. For repositories attached to production services, we have historically had robust durable...

6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.7 views

SUSE CVE-2026-25120

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

5.1CVSS5.8AI score0.00271EPSS
Exploits1References3
NVD
NVD
added 2026/02/19 7:17 a.m.7 views

CVE-2026-25120

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

5.1CVSS0.00271EPSS
Exploits1References2
OSV
OSV
added 2026/02/17 6:42 p.m.6 views

GHSA-CV22-72PX-F4GH Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs

Summary A broken access control vulnerability in Gogs allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI internal/route/repo/issue.go fails to verify that the label being modified belongs to the...

5.3CVSS5.8AI score0.00254EPSS
Exploits1References4
OSV
OSV
added 2026/02/17 6:40 p.m.4 views

GHSA-JJ5M-H57J-5GV7 Gogs Allows Cross-Repository Comment Deletion via DeleteComment

IDOR: Cross-Repository Comment Deletion via DeleteComment Summary The POST /:owner/:repo/issues/comments/:id/delete endpoint does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by...

5.1CVSS5.8AI score0.00271EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/17 6:40 p.m.9 views

Gogs Allows Cross-Repository Comment Deletion via DeleteComment

IDOR: Cross-Repository Comment Deletion via DeleteComment Summary The POST /:owner/:repo/issues/comments/:id/delete endpoint does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by...

5.1CVSS5.8AI score0.00271EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20320

Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, a self-hosted Git service, has an issue where the DeleteComment API does not properly verify if a comment belongs to the repository specified in the URL. This allows a repository administrator t...

9.9CVSS5.6AI score0.34346EPSS
Exploits45References115
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.10 views

PT-2026-20321

Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, a self-hosted Git service, has a broken access control issue. Authenticated users with write access to a repository can modify labels belonging to other repositories. This is due to a failure in...

9.9CVSS5.5AI score0.34346EPSS
Exploits45References116
SUSE CVE
SUSE CVE
added 2026/02/07 12:26 a.m.6 views

SUSE CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

9.1CVSS5.3AI score0.00415EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/07 12:26 a.m.6 views

SUSE CVE-2026-20912

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users...

9.1CVSS5.4AI score0.00415EPSS
Exploits0References3
OSV
OSV
added 2026/02/02 9:5 p.m.3 views

GO-2026-4364 Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea

Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea...

9.1CVSS5.3AI score0.00415EPSS
Exploits0References7
OSV
OSV
added 2026/02/02 9:5 p.m.5 views

GO-2026-4363 Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea...

9.1CVSS5.3AI score0.00415EPSS
Exploits0References7
Snyk
Snyk
added 2026/01/23 12:31 a.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership when linking attachments to releases. An attacker can gain unauthorized access to attachments by linking an attachment uploaded to a privat...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/23 12:31 a.m.9 views

EUVD-2026-4263

Gitea does not properly validate repository ownership when linking attachments to releases...

9.1CVSS5.4AI score0.00415EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.11 views

Gitea does not properly validate repository ownership when linking attachments to releases

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users...

9.1CVSS5.5AI score0.00415EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/01/23 12:31 a.m.6 views

EUVD-2026-4264

Gitea does not properly validate repository ownership when deleting Git LFS locks...

9.1CVSS5.4AI score0.00415EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.10 views

Gitea does not properly validate repository ownership when deleting Git LFS locks

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

9.1CVSS5.4AI score0.00415EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/01/22 10:16 p.m.8 views

CVE-2026-20912

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users...

9.1CVSS0.00415EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/01/22 10:1 p.m.4 views

CVE-2026-20912

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users...

9.1CVSS5.5AI score0.00415EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/01/22 10:1 p.m.4 views

CVE-2026-20912

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References5
Rows per page
Query Builder