Vulnerabilities (CVE)

Filtered by vendor Gogs Subscribe

Filtered by product Gogs

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-1986	1 Gogs	1 Gogs	2022-06-15	7.5 HIGH	9.8 CRITICAL
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
CVE-2022-1992	2 Gogs, Microsoft	2 Gogs, Windows	2022-06-15	6.4 MEDIUM	9.1 CRITICAL
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
CVE-2019-14544	1 Gogs	1 Gogs	2020-08-24	7.5 HIGH	9.8 CRITICAL
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.
CVE-2018-18925	1 Gogs	1 Gogs	2019-01-29	7.5 HIGH	9.8 CRITICAL
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.