Gogs

50 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.05%
  • Published 06.02.2026 17:47:49
  • Last modified 17.02.2026 21:55:35

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to dele...

Exploit
  • EPSS 0.06%
  • Published 06.02.2026 17:46:59
  • Last modified 17.02.2026 21:54:40

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev.

  • EPSS 0.04%
  • Published 06.02.2026 17:43:45
  • Last modified 17.02.2026 21:53:45

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/*" does not require write permissions and allows access with read permission only via repoAssignment(). After passing the perm...

Exploit
  • EPSS 0.04%
  • Published 06.02.2026 17:42:26
  • Last modified 17.02.2026 21:40:59

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched...

  • EPSS 0.02%
  • Published 06.02.2026 17:41:07
  • Last modified 17.02.2026 21:38:20

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unuse...

Exploit
  • EPSS 0.15%
  • Published 06.02.2026 16:58:01
  • Last modified 18.02.2026 18:09:57

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched...

Warning, Media report, Exploit
  • EPSS 19.71%
  • Published 10.12.2025 13:23:46
  • Last modified 20.01.2026 13:47:34

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

  • EPSS 0.05%
  • Published 24.06.2025 03:48:06
  • Last modified 30.07.2025 18:15:40

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused b...

  • EPSS 0.8%
  • Published 24.06.2025 03:37:42
  • Last modified 21.08.2025 20:43:18

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can...

Media report, Exploit
  • EPSS 78.23%
  • Published 23.12.2024 16:15:07
  • Last modified 10.04.2025 14:47:42

Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.