Gitea Security Vulnerabilities (CVEs)

Track 24 security vulnerabilities affecting Gitea products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

6 Critical

5 High

11 Medium

2 Low

Sort by:

🔔 Get Alerts for Gitea

CVE-2026-20904 6.5

This vulnerability in Gitea allows authenticated users to modify the visibility settings of other users' OpenID identities due to improper ownership v...

Jan 22, 2026

CVE-2026-20912 9.1

Gitea versions before 1.25.4 have an improper access control vulnerability where attachments uploaded to private repositories can be linked to release...

Jan 22, 2026

CVE-2026-20897 9.1

CVE-2026-20897 is an improper access control vulnerability in Gitea where users with write access to any repository can delete Git LFS locks belonging...

Jan 22, 2026

CVE-2026-20736 7.5

This vulnerability in Gitea allows users who previously uploaded attachments to a repository to delete those attachments even after losing access to t...

Jan 22, 2026

CVE-2026-20750 9.1

Gitea contains an authorization bypass vulnerability where users with project write access in one organization can modify projects belonging to other ...

Jan 22, 2026

CVE-2026-20800 6.5

This vulnerability in Gitea allows users who have had their access to private repositories revoked to still view issue and pull request titles through...

Jan 22, 2026

CVE-2026-20883 6.5

This vulnerability allows users with revoked access to private Gitea repositories to still view issue titles and repository names through previously s...

Jan 22, 2026

CVE-2026-20888 4.3

This vulnerability in Gitea allows users with read access to pull requests to cancel scheduled auto-merges created by other users. It's an authorizati...

Jan 22, 2026

CVE-2026-0798 3.5

Gitea versions before 1.25.4 may send release notification emails for private repositories to users whose access has been revoked. This information di...

Jan 22, 2026

CVE-2025-68946 5.4

This CVE describes a cross-site scripting (XSS) vulnerability in Gitea versions before 1.20.1 where attackers can inject malicious JavaScript via forb...

Dec 26, 2025

CVE-2025-68943 5.3

Gitea versions before 1.21.8 inadvertently disclose users' login times through the explore/users API endpoint. This information leakage vulnerability ...

Dec 26, 2025

CVE-2025-68944 5.0

Gitea versions before 1.22.2 have a token scope propagation flaw in package registries that could allow authenticated users to access resources beyond...

Dec 26, 2025

CVE-2025-68945 5.8

This vulnerability allows anonymous users to access private projects belonging to other users in Gitea instances. It affects all Gitea installations r...

Dec 26, 2025

CVE-2025-68942 5.4

This Cross-Site Scripting (XSS) vulnerability in Gitea allows attackers to inject malicious scripts into the search input box for creating tags and br...

Dec 26, 2025

CVE-2025-68939 8.2

This vulnerability in Gitea allows attackers to bypass file extension restrictions by manipulating attachment names through the attachment API. Attack...

Dec 26, 2025

CVE-2025-68940 3.1

This vulnerability allows users with insufficient permissions to delete branches after merging pull requests in Gitea instances. It affects all Gitea ...

Dec 26, 2025

CVE-2025-68941 4.9

Gitea versions before 1.22.3 contain an authorization bypass vulnerability where API tokens with scope limited to public resources can improperly acce...

Dec 26, 2025

CVE-2025-68938 4.3

Gitea versions before 1.25.2 have an authorization flaw that allows users to delete releases they shouldn't have permission to delete. This affects al...

Dec 26, 2025

CVE-2022-30781 7.5

CVE-2022-30781 is a remote code execution vulnerability in Gitea where improper escaping of git fetch remote parameters allows attackers to execute ar...

May 16, 2022

CVE-2022-27313 7.5

CVE-2022-27313 is an arbitrary file deletion vulnerability in Gitea that allows attackers to delete the configuration file, causing a Denial of Servic...

May 3, 2022

CVE-2021-45330 9.8

This vulnerability in Gitea allows a malicious user to maintain access to a session even after logout due to improper cookie deletion on the client si...

Feb 9, 2022

CVE-2021-45325 7.5

This Server-Side Request Forgery (SSRF) vulnerability in Gitea before version 1.7.0 allows attackers to make unauthorized requests from the Gitea serv...

Feb 8, 2022

CVE-2021-45327 9.8

CVE-2021-45327 is a server-side request forgery (SSRF) vulnerability in Gitea's admin and user API endpoints that improperly trusts HTTP permission me...

Feb 8, 2022

CVE-2020-28991 9.8

This vulnerability in Gitea allows attackers to inject malicious git protocol URLs containing newline characters and port specifications, potentially ...

Nov 24, 2020

Why Monitor Gitea Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 24+ known vulnerabilities affecting Gitea products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Gitea packages in under 60 seconds. No agents required - completely agentless scanning that works across Gitea deployments.

Free vulnerability database: Access detailed information about every Gitea CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Gitea CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Gitea CVEs Free