| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-26276 | Gogs: DOM-based XSS via milestone selection | gogs | gogs | High | 7.3 | 2026-03-05 18:51:14 | Deep Dive |
| CVE-2026-26196 | Gogs: Access tokens get exposed through URL params in API requests | gogs | gogs | Medium | - | 2026-03-05 18:49:20 | Deep Dive |
| CVE-2026-26195 | Gogs: Stored XSS in branch and wiki views through author and committer names | gogs | gogs | Medium | - | 2026-03-05 18:40:31 | Deep Dive |
| CVE-2026-26194 | Gogs: Release tag option injection in release deletion | gogs | gogs | Medium | - | 2026-03-05 18:38:39 | Deep Dive |
| CVE-2026-25921 | Gogs: Cross-repository LFS object overwrite via missing content hash verification | gogs | gogs | Critical | 9.3 | 2026-03-05 18:36:31 | Deep Dive |
| CVE-2026-26022 | Gogs: Stored XSS via data URI in issue comments | gogs | gogs | High | 8.7 | 2026-03-05 18:34:13 | Deep Dive |
| CVE-2026-25229 | Gogs Authorization Bypass Allows Cross-Repository Label Modification | gogs | gogs | Medium | - | 2026-02-19 02:33:10 | Deep Dive |
| CVE-2026-25242 | Gogs allows unauthenticated file uploads | gogs | gogs | Critical | - | 2026-02-19 02:28:40 | Deep Dive |
| CVE-2026-25232 | Gogs has a Protected Branch Deletion Bypass in Web Interface | gogs | gogs | High | - | 2026-02-19 02:25:34 | Deep Dive |
| CVE-2026-25120 | Gogs Allows Cross-Repository Comment Deletion via DeleteComment | gogs | gogs | Low | - | 2026-02-19 01:59:39 | Deep Dive |
| CVE-2026-24135 | Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update | gogs | gogs | - | - | 2026-02-06 17:47:50 | Deep Dive |
| CVE-2026-23633 | Gogs has arbitrary file read/write via path traversal in Git hook editing | gogs | gogs | Medium | 6.5 | 2026-02-06 17:47:00 | Deep Dive |
| CVE-2026-23632 | Gogs user can update repository content with read-only permission | gogs | gogs | Medium | 6.5 | 2026-02-06 17:43:46 | Deep Dive |
| CVE-2026-22592 | Gogs is Vulnerable to Denial of Service | gogs | gogs | Medium | 6.5 | 2026-02-06 17:42:26 | Deep Dive |
| CVE-2025-64175 | Gogs Vulnerable to 2FA Bypass via Recovery Code | gogs | gogs | - | - | 2026-02-06 17:41:07 | Deep Dive |
| CVE-2025-64111 | Gogs's update .git/config file allows remote command execution | gogs | gogs | - | - | 2026-02-06 16:58:02 | Deep Dive |
| CVE-2025-8110 | File overwrite in file update API in Gogs | Gogs | Gogs | - | - | 2025-12-10 13:23:47 | Deep Dive |
| CVE-2025-47943 | Gogs stored XSS in PDF renderer | gogs | gogs | Medium | 6.3 | 2025-06-24 03:48:06 | Deep Dive |
| CVE-2024-56731 | Gogs deletion of internal files allows remote command execution | gogs | gogs | Critical | 10.0 | 2025-06-24 03:37:42 | Deep Dive |
| CVE-2024-55947 | Gogs has a Path Traversal in file update API | gogs | gogs | High | - | 2024-12-23 15:26:48 | Deep Dive |