38 matches found

SUSE CVE
added 2026/03/05 6:55 a.m. · 2 views

SUSE CVE-2025-64111

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

9.8 CVSS · 5.8 AI score · 0.0023 EPSS
Exploits: 3 · References: 3
Positive Technologies
added 2026/03/05 12:00 a.m. · 2 views

PT-2026-23483

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.14.2 Description: Gogs, a self-hosted Git service, has a flaw where Large File Storage (LFS) objects can be maliciously overwritten across different repositories. This is due to a lack of isolation in how LFS objects are...

9.9 CVSS · 5.7 AI score · 0.07313 EPSS
Exploits: 68 · References: 141
CNNVD
added 2026/02/19 12:00 a.m. · 4 views

Gogs Security Vulnerability

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.4 and earlier have security vulnerabilities; these...

9.8 CVSS · 6 AI score · 0.001 EPSS
Exploits: 1 · References: 4
CNNVD
added 2026/02/19 12:00 a.m. · 2 views

Gogs Security Vulnerability

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.4 and earlier have security vulnerabilities. These...

5.1 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits: 1 · References: 2
EUVD
added 2026/02/06 4:58 p.m. · 5 views

EUVD-2025-206887

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

10 CVSS · 5.3 AI score · 0.02578 EPSS
Exploits: 3 · References: 1
CNNVD
added 2026/02/06 12:00 a.m. · 2 views

Gogs Operating System Command Injection Vulnerability

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier had an operating system command injection...

10 CVSS · 6.1 AI score · 0.02578 EPSS
Exploits: 3 · References: 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-18995

Malicious code in bioql PyPI...

6.3 CVSS · 6.3 AI score · 0.00253 EPSS
Exploits: 0 · References: 5
OSSF Malicious Packages
added 2025/09/06 11:22 a.m. · 2 views

Malicious code in giteegit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a26c5d911f4394086eca9dfca0dfb8b05cc0675bac36dfdbec08e30f6d1abed Package exfiltrates source code files to a telegram channel, while the description promises saving them to a git service --- Category: MALICIOUS - The campaign...

7.2 AI score
Exploits: 0 · References: 1
OSV
added 2025/09/06 11:22 a.m. · 3 views

MAL-2025-191739 Malicious code in giteegit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a26c5d911f4394086eca9dfca0dfb8b05cc0675bac36dfdbec08e30f6d1abed Package exfiltrates source code files to a telegram channel, while the description promises saving them to a git service --- Category: MALICIOUS - The campaign...

7.1 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2025/06/24 12:00 a.m. · 1 view

PT-2025-26689 · Pdf.Js +1

Name of the Vulnerable Software and Affected Versions: Gogs versions 0.14.0+dev and prior Description: Gogs is an open source self-hosted Git service. The issue is a stored cross-site scripting (XSS) vulnerability, which allows client-side JavaScript code execution. This is caused by the usage of a...

6.3 CVSS · 5.5 AI score · 0.00253 EPSS
Exploits: 0 · References: 13
SUSE CVE
added 2025/01/10 12:23 a.m. · 1 view

SUSE CVE-2024-54148

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

9.8 CVSS · 6.9 AI score · 0.00972 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2024/12/23 3:22 p.m. · 11 views

CVE-2024-54148 Gogs has a Path Traversal in file editing UI

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

8.7 CVSS · 7.2 AI score · 0.00972 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2024/08/09 12:00 a.m. · 56 views

WinSCP < 6.3.3 Key Recovery Attack Vulnerability

The version of WinSCP installed on the remote Windows host is prior to 6.3.3. It is, therefore, affected by a key recovery attack vulnerability. In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in...

5.9 CVSS · 6.9 AI score · 0.23269 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/07/04 12:00 a.m. · 1 view

Gogs Security Breach

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0, which stems from...

9.9 CVSS · 8.2 AI score · 0.11879 EPSS
Exploits: 3 · References: 6
CNNVD
added 2024/07/04 12:00 a.m. · 1 view

Gogs Security Breach

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0 and earlier...

9.9 CVSS · 6.8 AI score · 0.07233 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2024/04/29 12:00 a.m. · 22 views

Fedora 40 : filezilla / libfilezilla (2024-ff9a2fb31c)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ff9a2fb31c advisory. Fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

5.9 CVSS · 7.7 AI score · 0.23269 EPSS
Exploits: 0 · References: 2
CNVD
added 2023/07/07 12:00 a.m. · 18 views

Gitea Input Validation Error Vulnerability (CNVD-2023-60472)

Gitea is a lightweight Go-based git service developed by the Gitea community. An input validation error vulnerability exists in Gitea versions prior to 1.19.4, which stems from improper input validation of the program. An attacker can exploit this vulnerability to obtain sensitive information...

3.6 CVSS · 6.5 AI score · 0.00113 EPSS
Exploits: 1 · Affected Software: 1
Gentoo Linux
added 2022/10/31 12:00 a.m. · 391 views

Gitea: Multiple Vulnerabilities

Background: Gitea is a painless self-hosted Git service. Description: Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at...

9.8 CVSS · 3.4 AI score · 0.00955 EPSS
Exploits: 1
RedhatCVE
added 2022/10/18 10:40 a.m. · 90 views

CVE-2022-42968

A flaw was found in Gitea. The self-hosted Git service does not sanitize and escape refs in the git backend. This issue could allow an attacker to craft arguments for the git commands, which will be mishandled...

9.8 CVSS · 3.1 AI score · 0.00955 EPSS
Exploits: 0 · References: 4
Prion
added 2022/06/09 5:15 p.m. · 8 views

Design/Logic Flaw

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...

3.5 CVSS · 5.1 AI score · 0.00263 EPSS
Exploits: 0 · References: 3 · Affected Software: 1