18 matches found

RedhatCVE
added 2026/01/09 9:13 a.m. | 3 views

CVE-2022-31038

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...

CVSS 5.4 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:33 a.m. | 4 views

CVE-2024-39931

Gogs through 0.13.0 allows deletion of internal files...

CVSS 9.9 | AI score 6.9 | EPSS 0.07233
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-0961

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.00304
Exploits: 0 | References: 4

Github Security Blog
added 2025/06/24 7:0 p.m. | 33 views

Gogs allows deletion of internal files which leads to remote command execution

Summary Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. Details In the patch for CVE-2024-39931, the following check is added:...

CVSS 10 | AI score 8.3 | EPSS 0.07233
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2025/02/05 9:23 p.m. | 8 views

CVE-2022-2024

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...

CVSS 9.8 | AI score 7.1 | EPSS 0.43635
Exploits: 1 | References: 1

OSV
added 2024/12/23 5:53 p.m. | 9 views

GHSA-QF5V-RP47-55GG Path Traversal in file update API in gogs

Impact The malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. Patches Writing files outside repository Git directory has been prohibited via the repository file update API https://github.com/gogs/gogs/pull/7859. Users should upgrade to 0.13...

CVSS 8.8 | AI score 8.9 | EPSS 0.75675
Exploits: 3 | References: 6

Github Security Blog
added 2024/12/23 5:53 p.m. | 21 views

Path Traversal in file update API in gogs

Impact The malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. Patches Writing files outside repository Git directory has been prohibited via the repository file update API https://github.com/gogs/gogs/pull/7859. Users should upgrade to 0.13...

CVSS 8.8 | AI score 8.9 | EPSS 0.75675
Exploits: 3 | References: 6 | Affected Software: 1

OSV
added 2024/12/23 5:53 p.m. | 10 views

GHSA-R7J8-5H9C-F6FX Remote Command Execution in file editing in gogs

Impact The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. Patches Editing symlink while changing the file name has been prohibited via the repository web editor https://github.com/gogs/gogs/pull/7857. Users should upgrade to 0.13...

CVSS 9.8 | AI score 9.6 | EPSS 0.00972
Exploits: 1 | References: 6

NVD
added 2024/12/23 4:15 p.m. | 15 views

CVE-2024-54148

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVSS 9.8 | EPSS 0.00972
Exploits: 1 | References: 4

AlpineLinux
added 2024/07/04 4:15 p.m. | 8 views

CVE-2024-39931

Gogs through 0.13.0 allows deletion of internal files...

AI score 7.3 | EPSS 0.07233
Exploits: 0

Cvelist
added 2024/07/04 12:0 a.m. | 12 views

CVE-2024-39933

Gogs through 0.13.0 allows argument injection during the tagging of a new release...

CVSS 7.7 | EPSS 0.00264
Exploits: 1 | References: 2

Vulnrichment
added 2024/07/04 12:0 a.m. | 12 views

CVE-2024-39932

Gogs through 0.13.0 allows argument injection during the previewing of changes...

CVSS 9.9 | AI score 7.2 | EPSS 0.03233
Exploits: 1 | References: 2

CVE
added 2024/07/04 12:0 a.m. | 65 views

CVE-2024-39932

CVE-2024-39932 (Gogs) : Gogs

CVSS 9.9 | AI score 7.5 | EPSS 0.03233
Exploits: 1 | References: 2 | Affected Software: 1

Github Security Blog
added 2021/05/18 8:33 p.m. | 43 views

Insecure Permissions in Gogs

In Gogs 0.11.91, MakeEmailPrimary in models/usermail.go lacks a "not the owner of the email" check...

CVSS 6.5 | AI score 2.8 | EPSS 0.00154
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/05/18 8:33 p.m. | 21 views

GHSA-4C7M-VV47-7C69 Insecure Permissions in Gogs

In Gogs 0.11.91, MakeEmailPrimary in models/usermail.go lacks a "not the owner of the email" check...

CVSS 5.3 | AI score 6.3 | EPSS 0.00154
Exploits: 0 | References: 3

Cvelist
added 2020/06/21 7:57 p.m. | 6 views

CVE-2020-14958

In Gogs 0.11.91, MakeEmailPrimary in models/usermail.go lacks a "not the owner of the email" check...

AI score 6.4 | EPSS 0.00154
Exploits: 0 | References: 2

Prion
added 2020/02/21 10:15 p.m. | 15 views

Race condition

Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition...

CVSS 4.3 | AI score 5.7 | EPSS 0.00266
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2019/08/02 10:15 p.m. | 9 views

CVE-2019-14544

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...

CVSS 9.8 | AI score 9.5 | EPSS 0.00304
Exploits: 0 | References: 1