📦 Gogs
by Gogs
⚠️ Known Vulnerabilities
This vulnerability allows attackers to modify files in the .git directory of Gogs installations, potentially leading to remote command execution. It affects Gogs versions 0.13.3 and earlier due to an ...
This vulnerability allows unprivileged users in Gogs to delete files in the .git directory, leading to remote command execution. Attackers can execute arbitrary commands with the privileges of the RUN...
This vulnerability in Gogs allows a malicious user to commit a crafted symlink file to a repository, potentially gaining SSH access to the server. All Gogs instances running vulnerable versions are af...
A remote command execution vulnerability in Gogs (Git service) allows attackers to upload malicious files to the .git directory when deployed on Windows servers. By manipulating the tree_path paramete...
This vulnerability allows authenticated attackers to execute arbitrary code on Gogs servers by exploiting argument injection in the built-in SSH server. It affects Gogs installations with the built-in...
CVE-2024-39932 is an argument injection vulnerability in Gogs that allows attackers to execute arbitrary commands on the server during change preview operations. This affects all Gogs instances runnin...
This CVE describes an OS command injection vulnerability in Gogs (a self-hosted Git service) that allows attackers to execute arbitrary commands on the server. It affects all Gogs installations prior ...
CVE-2022-1986 is an OS command injection vulnerability in Gogs (a self-hosted Git service) that allows attackers to execute arbitrary commands on the server. This affects all Gogs installations prior ...
CVE-2022-0871 is a missing authorization vulnerability in Gogs (a self-hosted Git service) that allows attackers to bypass authentication and access unauthorized repositories. This affects all Gogs in...
This CVE describes a DOM-based cross-site scripting (XSS) vulnerability in Gogs self-hosted Git service. Attackers can inject malicious JavaScript into milestone names, which executes when users creat...
This stored XSS vulnerability in Gogs allows authenticated users to inject malicious JavaScript via data: URIs in comments and issue descriptions. The vulnerability affects all Gogs instances running ...
This CVE describes an access control bypass vulnerability in Gogs self-hosted Git service where users with Write permissions can delete protected branches via the web interface, bypassing branch prote...
CVE-2026-24135 is a path traversal vulnerability in Gogs self-hosted Git service that allows authenticated users with wiki write access to delete arbitrary files on the server. The vulnerability exist...
Gogs versions 0.13.3 and earlier have a critical authentication bypass vulnerability where 2FA recovery codes are not scoped to specific users. An attacker who knows a victim's credentials can use any...
CVE-2025-8110 is a path traversal vulnerability in Gogs' PutContents API that allows improper symbolic link handling, enabling authenticated attackers to write arbitrary files and achieve remote code ...
This directory traversal vulnerability in Gogs allows attackers to read, write, or delete arbitrary files on the server by manipulating file paths in edit requests. It affects all Gogs installations r...
CVE-2022-1993 is a path traversal vulnerability in Gogs (Go Git Service) that allows attackers to read arbitrary files on the server by manipulating file paths. This affects all Gogs installations pri...
CVE-2021-32546 is a remote code execution vulnerability in Gogs Git hosting software. Unauthenticated attackers can exploit missing input validation to overwrite Git configuration files and execute ar...
This vulnerability in Gogs allows authenticated users to cause a denial-of-service (DoS) attack by deleting repository files before synchronization, which crashes the application. It affects self-host...
This vulnerability in Gogs allows attackers to read or write arbitrary files on the server through path traversal in Git hook editing functionality. Attackers can potentially access sensitive configur...
This vulnerability allows attackers with read-only access tokens to modify repository contents in Gogs self-hosted Git service. It affects all Gogs instances running version 0.13.3 or earlier. Attacke...
This vulnerability allows repository administrators in Gogs to delete comments from any repository by manipulating comment IDs, bypassing authorization controls. It affects all Gogs instances running ...