12 matches found
GO-2026-4498 Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs
Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
GO-2026-4450 Gogs user can update repository content with read-only permission in gogs.io/gogs
Gogs user can update repository content with read-only permission in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
GO-2026-4451 Gogs has a Denial of Service issue in gogs.io/gogs
Gogs has a Denial of Service issue in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the...
GO-2022-0749 OS Command Injection in gogs in gogs.io/gogs
OS Command Injection in gogs in gogs.io/gogs...
GO-2022-0566 SSRF in repository migration in gogs.io/gogs
SSRF in repository migration in gogs.io/gogs...
GO-2022-0570 Path Traversal in file editor on Windows in Gogs in gogs.io/gogs
Path Traversal in file editor on Windows in Gogs in gogs.io/gogs...
GO-2023-1596 Gogs OS Command Injection vulnerability in gogs.io/gogs
Gogs OS Command Injection vulnerability in gogs.io/gogs...
Command Injection
gogs.io/gogs is vulnerable to Command Injection. The vulnerability is caused by inadequate input validation during the previewing of changes, allowing an attacker to inject arbitrary commands...
Remote Code Execution (RCE)
gogs.io/gogs is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of command-line arguments within the bundled SSH implementation in internal/ssh/ssh.go. An attacker can exploit the vulnerability by sending a malicious --split-string env request through an SSH...
Path Traversal
gogs.io/gogs is vulnerable to path traversal. The vulnerability exists in the Clean function in pathutil.go due to a lack of validation, which allows a malicious attacker to delete and upload arbitrary files...
OS Command Injection
gogs.io/gogs is vulnerable to OS command injection. The vulnerability exists in the isRepositoryGitPath function in repoeditor.go because the styles of os.PathSeparator are not checked properly, which allows an attacker to inject and execute OS commands...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gogs.io/gogs...