Lucene search
K

35547 matches found

Snyk
Snyk
•added 2026/07/03 10:20 p.m.•5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:20 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade gitea.dev/services/convert to...

6.9CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade...

6.9CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•6 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•6 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS6AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS6AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS6AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS6AI score0.00481EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the process for updating or rebasing pull request branches. An attacker can gain unauthorized access or modify protected branches by exploiting this weakness. Remediation...

7.5CVSS6AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the process for updating or rebasing pull request branches. An attacker can gain unauthorized access or modify protected branches by exploiting this weakness. Remediation...

7.5CVSS6AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade github.com/go-gitea/gitea/routers to...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook and migration allow-list filtering process. An attacker can access internal network resources or sensitive endpoints by crafting requests that bypass the intended filtering. Remediation...

9.6CVSS7.2AI score0.00464EPSS
Exploits1References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade gitea.dev/services/auth to version...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade gitea.dev/routers to version 1.26.3 or...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade gitea.dev/services/repository to versi...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook and migration allow-list filtering process. An attacker can access internal network resources or sensitive endpoints by crafting requests that bypass the intended filtering. Remediation...

9.6CVSS6AI score0.00464EPSS
Exploits1References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade gitea.dev/models/auth to version 1.26....

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade github.com/go-gitea/gitea/models/auth ...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade github.com/go-gitea/gitea/services/aut...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS6AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/03 10:19 p.m.•4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Total number of security vulnerabilities35547