59 matches found
PT-2026-51629
Name of the Vulnerable Software and Affected Versions: Gogs versions 0.14.0 through 0.14.2. Description: An issue exists where the UploadRepoFiles function only checks for symbolic links at the leaf of the upload target using osx.IsSymlink, unlike other functions that validate every component of the...
GitPython Path Traversal Vulnerability
GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.48 contained a path traversal vulnerability. This vulnerability stemmed from insufficient validation of reference paths during reference creation,...
GHSA-5QHX-GWFJ-6JQR Gogs user can update repository content with read-only permission
Vulnerability Description: The endpoint PUT /repos/:owner/:repo/contents/ does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile, which results in: Commit creation; Execution of git pu...
CVE-2022-31578
The piaoyunsoft/btlnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-0986
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11...
CVE-2021-22200
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user...
EUVD-2021-1119
Malware in sbrugna...
EUVD-2004-1435
Malware in sbrugna...
EUVD-2022-1475
Malicious code in bioql PyPI...
EUVD-2023-1602
Malicious code in bioql PyPI...
EUVD-2025-20825
Malicious code in bioql PyPI...
EUVD-2022-53014
Malicious code in bioql PyPI...
EUVD-2023-0811
Malicious code in bioql PyPI...
EUVD-2023-2583
Malicious code in bioql PyPI...
EUVD-2023-0590
Malicious code in bioql PyPI...
EUVD-2023-1147
Malicious code in bioql PyPI...
EUVD-2025-13599
Malicious code in bioql PyPI...
EUVD-2022-0809
Malicious code in bioql PyPI...
EUVD-2023-12149
Malicious code in bioql PyPI...
EUVD-2025-22775
Malicious code in bioql PyPI...