18 matches found
EUVD-2024-3577
Malicious code in bioql PyPI...
EUVD-2024-3608
Malicious code in bioql PyPI...
GHSA-WJ44-9VCG-WJQ7 Gogs allows deletion of internal files which leads to remote command execution
Summary: Due to the insufficient patch for CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. Details: In the patch for CVE-2024-39931, the following check is added:...
PT-2025-26688
Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.3. Description: Gogs, an open-source self-hosted Git service, contains a flaw where unprivileged user accounts can execute arbitrary commands on the Gogs instance. This is due to an insufficient patch for a previous...
CVE-2022-1285
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8...
GO-2024-3356 Path Traversal in file update API in gogs in gogs.io/gogs
Path Traversal in file update API in gogs in gogs.io/gogs...
GO-2024-3355 Remote Command Execution in file editing in gogs in gogs.io/gogs
Remote Command Execution in file editing in gogs in gogs.io/gogs...
GO-2022-0797 Insecure Permissions in Gogs in gogs.io/gogs
Insecure Permissions in Gogs in gogs.io/gogs...
GO-2022-0749 OS Command Injection in gogs in gogs.io/gogs
OS Command Injection in gogs in gogs.io/gogs...
Duplicate Advisory: Gogs allows argument injection during the previewing of changes
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9pp6-wq8c-3w2c. This link is maintained to preserve external references. Original Description: Gogs through 0.13.0 allows argument injection during the previewing of changes...
CVE-2024-39931
Gogs through 0.13.0 allows deletion of internal files...
PT-2022-21137 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: Gogs versions v0.6.5 through v0.12.10. Description: The issue is related to Stored Cross-Site Scripting (XSS) that can lead to an account takeover. Recommendations: For versions v0.6.5 through v0.12.10, update to a version that is not affected b...
CVE-2022-1992 Path Traversal in gogs/gogs
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
Server-side Request Forgery (SSRF)
github.com/gogs/gogs is vulnerable to server-side request forgery. An attacker can send malicious requests on behalf of the server into the network-internal hosts through the ParseRemoteAddr function of repo.go...
GHSA-5R2V-6GM6-VPVH Insecure Permissions in Gogs
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...
Remote Code Execution (RCE)
github.com/gogs/gogs is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the ability to forge a session file in file.go, allowing unauthenticated users to obtain an admin session and subsequently inject remote code...
CVE-2018-17031
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent...