Pagure Security Vulnerabilities and Issues — Pagure CVE List

Lucene search

RedhatPagure

7 matches found

CVE•added 2020/09/25 6:15 a.m.•152 views

CVE-2019-11556

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

6.1CVSS5.8AI score0.00587EPSS

CVE•added 2019/11/06 7:15 p.m.•62 views

CVE-2016-1000037

Pagure: XSS possible in file attachment endpoint

6.1CVSS5.9AI score0.00494EPSS

CVE•added 2025/05/12 7:15 p.m.•54 views

CVE-2024-4982

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.

7.6CVSS6.5AI score0.00177EPSS

CVE•added 2019/02/08 3:29 a.m.•47 views

CVE-2019-7628

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_...

5.9CVSS5.5AI score0.00212EPSS

CVE•added 2017/09/14 1:29 p.m.•44 views

CVE-2017-1002151

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

7.5CVSS7.5AI score0.00282EPSS

CVE•added 2025/05/12 7:15 p.m.•44 views

CVE-2024-4981

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.

7.6CVSS7.4AI score0.00057EPSS

CVE•added 2016/10/07 6:59 p.m.•34 views

CVE-2016-1000007

Pagure 2.2.1 XSS in raw file endpoint

6.1CVSS5.9AI score0.0024EPSS