9 matches found
GO-2026-4448 Gogs's update .git/config file allows remote command execution in gogs.io/gogs
Gogs's update .git/config file allows remote command execution in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...
GO-2026-4457 Gogs has authorization bypass in repository deletion API in gogs.io/gogs
Gogs has authorization bypass in repository deletion API in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
GO-2026-4452 Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update in gogs.io/gogs
Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2026-4454 Gogs vulnerable to Stored XSS via Mermaid diagrams in gogs.io/gogs
Gogs vulnerable to Stored XSS via Mermaid diagrams in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest a...
GO-2026-4450 Gogs user can update repository content with read-only permission in gogs.io/gogs
Gogs user can update repository content with read-only permission in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
GO-2026-4451 Gogs has a Denial of Service issue in gogs.io/gogs
Gogs has a Denial of Service issue in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the...
GO-2026-4453 Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs
Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
PT-2026-20974
Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.4. Description: A critical authorization bypass exists in the Gogs repository deletion API. The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation, allowing any authenticated user with re...
ALPINE-CVE-2016-7970
Buffer overflow in the calccoeff function in libass/assblur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors...