gogs — Vulnerabilities & Security Advisories (23)

All 23 CVE vulnerabilities found in gogs, with AI-generated Chinese analysis, references, and POCs.

Vendor: gogs

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-26276 | Gogs: DOM-based XSS via milestone selection | CWE-79 | 7.3 | High | 2026-03-05 |
| CVE-2026-26196 | Gogs: Access tokens get exposed through URL params in API requests | CWE-598 | 5.3 | - | 2026-03-05 |
| CVE-2026-26195 | Gogs: Stored XSS in branch and wiki views through author and committer names | CWE-79 | 5.4 | - | 2026-03-05 |
| CVE-2026-26194 | Gogs: Release tag option injection in release deletion | CWE-88 | 7.1 | - | 2026-03-05 |
| CVE-2026-25921 | Gogs: Cross-repository LFS object overwrite via missing content hash verification | CWE-345 | 9.3 | Critical | 2026-03-05 |
| CVE-2026-26022 | Gogs: Stored XSS via data URI in issue comments | CWE-79 | 8.7 | High | 2026-03-05 |
| CVE-2026-25229 | Gogs Authorization Bypass Allows Cross-Repository Label Modification | CWE-284 | 4.3 | - | 2026-02-19 |
| CVE-2026-25242 | Gogs allows unauthenticated file uploads | CWE-862 | 9.8 | - | 2026-02-19 |
| CVE-2026-25232 | Gogs has a Protected Branch Deletion Bypass in Web Interface | CWE-863 | 8.8 | - | 2026-02-19 |
| CVE-2026-25120 | Gogs Allows Cross-Repository Comment Deletion via DeleteComment | CWE-639 | 4.9 | - | 2026-02-19 |
| CVE-2026-24135 | Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update | CWE-22 | 8.1 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-23633 | Gogs has arbitrary file read/write via path traversal in Git hook editing | CWE-22 | 6.5 | Medium | 2026-02-06 |
| CVE-2026-23632 | Gogs user can update repository content with read-only permission | CWE-862 | 6.5 | Medium | 2026-02-06 |
| CVE-2026-22592 | Gogs is Vulnerable to Denial of Service | CWE-862 | 6.5 | Medium | 2026-02-06 |
| CVE-2025-64175 | Gogs Vulnerable to 2FA Bypass via Recovery Code | CWE-287 | 8.2 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-64111 | Gogs's update .git/config file allows remote command execution | CWE-78 | 8.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-8110 | File overwrite in file update API in Gogs | CWE-22 | 7.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-47943 | Gogs stored XSS in PDF renderer | CWE-79 | 6.3 | Medium | 2025-06-24 |
| CVE-2024-56731 | Gogs deletion of internal files allows remote command execution | CWE-552 | 10.0 | Critical | 2025-06-24 |
| CVE-2024-55947 | Gogs has a Path Traversal in file update API | CWE-22 | 8.8 | - | 2024-12-23 |
| CVE-2024-54148 | Gogs has a Path Traversal in file editing UI | CWE-61 | 8.8 | - | 2024-12-23 |
| CVE-2022-32174 | Gogs - XSS | CWE-79 | 7.6 | - | 2022-10-11 |
| CVE-2022-31038 | XSS vulnerability in repository issue list in Gogs | CWE-79 | 5.4 | Medium | 2022-06-08 |