18 matches found
CVE-2026-35172
Technical details about CVE-2026-35172 are not publicly available in the provided connected documents. Monitor for updates regarding affected versions, remediation, and exploit information.
Gogs 参数注入漏洞
Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to Gogs version 0.14.2, there was a parameter injection vulnerability. This...
GO-2026-4457 Gogs has authorization bypass in repository deletion API in gogs.io/gogs
Gogs has authorization bypass in repository deletion API in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the Delete function. An attacker can permanently remove entire repositories, including all associated data and history, by sending a DELETE request to the API endpoint while possessing only read-level access...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the Delete function. An attacker can permanently remove entire repositories, including all associated data and history, by sending a DELETE request to the API endpoint while possessing only read-level access...
GHSA-RJV5-9PX2-FQW6 Gogs has authorization bypass in repository deletion API
Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...
Gogs has authorization bypass in repository deletion API
Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...
GHSA-CR88-6MQM-4G57 Gogs has a Denial of Service issue
Summary An authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. Details If GetMirrorByRepoID fails, the error log dereferencing null pointer. This happens if the repository no longer exits...
PT-2026-6755
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions prior to 0.14.0+dev Description Gogs is a self-hosted Git service susceptible to a denial-of-service DOS attack. An authenticated user can trigger a crash by initiating a mirror synchronization on a...
EUVD-2020-5577
Malware in sbrugna...
CVE-2020-13317
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...
GO-2024-2608 Minder access control bypass in github.com/stacklok/minder
A Minder user can use the endpoints to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. The DB query used checks by repo owner, repo name and provider name which is always "github". These query values are not distinct for the particular...
GHSA-CW2V-WV4G-W4P6 rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery CSRF. An attacker exploiting this vulnerability can use it to delete repositories and users...
Cross Site Request Forgery in Admin area leads to deletion of repositories and users
Description Server accepts the GET request for deleting repositories and users which can lead to CSRF attack on repositories'. Proof of Concept Open the below URL after logging in to the admin account in demo site. For deleting Repository : Replace "replace-here" with a repo name...
RED HAT Quay web application 代码问题漏洞
RED HAT Quay web application is an application from the United States RED HAT. It provides a container image registry that allows you to build, organize, distribute, and deploy containers. A code issue vulnerability exists in the Quay web application, which stems from the fact that sessions never...
GitLab Access Control Error Vulnerability (CNVD-2020-52426)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8, and 13.3....
Design/Logic Flaw
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...
CVE-2020-13317
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...