gogs — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting gogs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by gogs: gogs, gogs/gogs
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-26276 | Gogs: DOM-based XSS via milestone selection | gogs | CWE-79 | 7.3 | High | 2026-03-05 |
| CVE-2026-26196 | Gogs: Access tokens get exposed through URL params in API requests | gogs | CWE-598 | 5.3 | - | 2026-03-05 |
| CVE-2026-26195 | Gogs: Stored XSS in branch and wiki views through author and committer names | gogs | CWE-79 | 5.4 | - | 2026-03-05 |
| CVE-2026-26194 | Gogs: Release tag option injection in release deletion | gogs | CWE-88 | 7.1 | - | 2026-03-05 |
| CVE-2026-25921 | Gogs: Cross-repository LFS object overwrite via missing content hash verification | gogs | CWE-345 | 9.3 | Critical | 2026-03-05 |
| CVE-2026-26022 | Gogs: Stored XSS via data URI in issue comments | gogs | CWE-79 | 8.7 | High | 2026-03-05 |
| CVE-2026-25229 | Gogs Authorization Bypass Allows Cross-Repository Label Modification | gogs | CWE-284 | 4.3 | - | 2026-02-19 |
| CVE-2026-25242 | Gogs allows unauthenticated file uploads | gogs | CWE-862 | 9.8 | - | 2026-02-19 |
| CVE-2026-25232 | Gogs has a Protected Branch Deletion Bypass in Web Interface | gogs | CWE-863 | 8.8 | - | 2026-02-19 |
| CVE-2026-25120 | Gogs Allows Cross-Repository Comment Deletion via DeleteComment | gogs | CWE-639 | 4.9 | - | 2026-02-19 |
| CVE-2026-24135 | Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update | gogs | CWE-22 | 8.1 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-23633 | Gogs has arbitrary file read/write via path traversal in Git hook editing | gogs | CWE-22 | 6.5 | Medium | 2026-02-06 |
| CVE-2026-23632 | Gogs user can update repository content with read-only permission | gogs | CWE-862 | 6.5 | Medium | 2026-02-06 |
| CVE-2026-22592 | Gogs is Vulnerable to Denial of Service | gogs | CWE-862 | 6.5 | Medium | 2026-02-06 |
| CVE-2025-64175 | Gogs Vulnerable to 2FA Bypass via Recovery Code | gogs | CWE-287 | 8.2 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-64111 | Gogs's update .git/config file allows remote command execution | gogs | CWE-78 | 8.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-8110 | File overwrite in file update API in Gogs | Gogs | CWE-22 | 7.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-47943 | Gogs stored XSS in PDF renderer | gogs | CWE-79 | 6.3 | Medium | 2025-06-24 |
| CVE-2024-56731 | Gogs deletion of internal files allows remote command execution | gogs | CWE-552 | 10.0 | Critical | 2025-06-24 |
| CVE-2024-55947 | Gogs has a Path Traversal in file update API | gogs | CWE-22 | 8.8 | - | 2024-12-23 |
| CVE-2024-54148 | Gogs has a Path Traversal in file editing UI | gogs | CWE-61 | 8.8 | - | 2024-12-23 |
| CVE-2022-1884 | Remote Command Execution in gogs/gogs | gogs/gogs | CWE-78 | 8.1 (AI) | High (AI) | 2024-11-15 |
| CVE-2022-2024 | OS Command Injection in gogs/gogs | gogs/gogs | CWE-78 | 9.8 | - | 2023-02-25 |
| CVE-2022-32174 | Gogs - XSS | gogs | CWE-79 | 7.6 | - | 2022-10-11 |
| CVE-2022-1986 | OS Command Injection in gogs/gogs | gogs/gogs | CWE-78 | 9.8 | - | 2022-06-09 |
| CVE-2022-31038 | XSS vulnerability in repository issue list in Gogs | gogs | CWE-79 | 5.4 | Medium | 2022-06-08 |
| CVE-2022-1993 | Path Traversal in gogs/gogs | gogs/gogs | CWE-22 | 7.5 | - | 2022-06-08 |
| CVE-2022-1992 | Path Traversal in gogs/gogs | gogs/gogs | CWE-22 | 7.5 | - | 2022-06-08 |
| CVE-2022-1285 | Server-Side Request Forgery (SSRF) in gogs/gogs | gogs/gogs | CWE-918 | 8.2 | - | 2022-06-01 |
| CVE-2022-1464 | Stored xss bug in gogs/gogs | gogs/gogs | CWE-79 | 5.4 | - | 2022-05-05 |

This page lists every published CVE security advisory associated with gogs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.