Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/web/repo to version 1.22.5 or highe...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/routers/api/v1/repo to version 1.22.5...
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
GHSA-RRCW-5RJV-VJ26 Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68940
CVE-2025-68940 (Gitea) : Multiple connected sources confirm a vulnerability in Gitea up to version 1.22.4 where branch deletion permissions are not adequately enforced after merging a pull request. The issue affects the code paths governing branch deletion permissions and can allow improper branc...
EUVD-2025-205410
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
PT-2025-53437
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.22.5 Description A permission enforcement issue exists in Gitea related to branch deletion after a pull request merge. Specifically, the system does not adequately enforce branch deletion permissions in these scenario...
Gitea Security Vulnerability
Gitea is a lightweight Go-based Git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.22.5, which stems from insufficient enforcement of branch deletion permissions after merging a pull request...
AZL-72851 CVE-2025-59529 affecting package avahi 0.8-5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
UBUNTU-CVE-2025-59529
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
EUVD-2025-204402
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
GHSA-565G-HWWR-4PP3 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling Assessment Based on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This was fixed in...
Users can modify tags on files that do not belong to them
None...
Stored XSS in contacts app via organisation and title field
None...
Missing Authorization
Overview github-webhook-server is a webhook server to manage GitHub repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request–controlled repository checkouts. The...