Lucene search
K

5 matches found

OSV
OSV
added 2026/02/23 6:23 p.m.6 views

GO-2026-4498 Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs

Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

8.8CVSS5.5AI score0.00436EPSS
Exploits1References5
OSV
OSV
added 2026/02/17 6:43 p.m.5 views

GHSA-2C6V-8R3V-GH6P Gogs has a Protected Branch Deletion Bypass in Web Interface

Summary An access control bypass vulnerability in Gogs web interface allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability enabl...

7.1CVSS5.8AI score0.00436EPSS
Exploits1References6
OSV
OSV
added 2023/12/01 7:15 a.m.9 views

UBUNTU-CVE-2023-5226

An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to...

7.5CVSS7AI score0.00546EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2022/03/31 12:0 a.m.40 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Static passwords inadvertently set during OmniAuth-based registration Stored XSS in notes Stored XSS on Multi-word milestone reference Denial of service caused by a specially crafted RDoc file GitLab Pages access tokens can be reused on multiple domains GitLab Pages uses default...

9.8CVSS2.5AI score0.87369EPSS
Exploits7References1
Prion
Prion
added 2020/11/17 7:15 p.m.14 views

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are =10.2, =13.4, =13.5, 13.5.2...

4CVSS5.7AI score0.00789EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder