Lucene search
K

35669 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the pre-receive process. An attacker can gain unauthorized write access to the entire repository by exploiting cached branch-specific write-permission results across multiple refs within a single session...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to improper enforcement of OAuth2 authorization code expiry and single-use requirements in the authorization code process. An attacker can gain unauthorized access by reusing valid authorization codes during the token...

9.1CVSS6AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the handling of the forwarded-proto header when generating public URLs. An attacker can cause the application to generate spoofed canonical URLs by injecting or manipulating the forwarded-proto header value...

7.5CVSS6AI score0.00431EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the handling of the forwarded-proto header when generating public URLs. An attacker can cause the application to generate spoofed canonical URLs by injecting or manipulating the forwarded-proto header value...

7.5CVSS6AI score0.00431EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper error handling in the pre-receive process when processing input with bufio.Scanner. An attacker can bypass branch-protection checks by submitting oversized input that triggers scanner errors...

9.8CVSS6AI score0.00472EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper error handling in the pre-receive process when processing input with bufio.Scanner. An attacker can bypass branch-protection checks by submitting oversized input that triggers scanner errors...

9.8CVSS6AI score0.00472EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the LFS object reuse process. An attacker can gain unauthorized access to private source objects by leveraging repository access without having the required Code-unit permissions...

7.1CVSS7.2AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the LFS object reuse process. An attacker can gain unauthorized access to private source objects by leveraging repository access without having the required Code-unit permissions...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.6 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade gitea.dev/modules/gi...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.7 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the InternReadFile function of the CSM File Handler component. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted CSM files that trigger a heap-based buffer...

5.3CVSS6.7AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...

7.5CVSS6AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...

7.5CVSS6AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...

7.5CVSS6AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...

7.5CVSS6AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the workflow approval process. An attacker can gain unauthorized access to protected resources or perform privileged actions by bypassing the intended approval gate through manipulation of permanent fork pull...

8.9CVSS5.9AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the OAuth sign-in callback process. An attacker can regain access to accounts that have been disabled by an administrator by initiating an OAuth sign-in, resulting in unauthorized re-enablement of those account...

9.8CVSS6AI score0.00343EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the OAuth sign-in callback process. An attacker can regain access to accounts that have been disabled by an administrator by initiating an OAuth sign-in, resulting in unauthorized re-enablement of those account...

9.8CVSS6AI score0.00343EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the OAuth sign-in callback process. An attacker can regain access to accounts that have been disabled by an administrator by initiating an OAuth sign-in, resulting in unauthorized re-enablement of those account...

9.8CVSS6AI score0.00343EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the OAuth sign-in callback process. An attacker can regain access to accounts that have been disabled by an administrator by initiating an OAuth sign-in, resulting in unauthorized re-enablement of those account...

9.8CVSS6AI score0.00343EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to ambiguity in the HMAC validation of signed URLs used for artifact access. An attacker can gain unauthorized read access to artifacts across repositories and write to upload-state...

9.6CVSS6AI score0.00177EPSS
Exploits0References2
Total number of security vulnerabilities35669