Vulnerabilities > Gitea > Gitea > 1.9.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-07 | CVE-2022-38795 | Unspecified vulnerability in Gitea In Gitea through 1.17.1, repo cloning can occur in the migration function. | 6.5 |
| 2023-07-05 | CVE-2023-3515 | Open Redirect vulnerability in Gitea Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. | 4.4 |
| 2022-10-16 | CVE-2022-42968 | Argument Injection or Modification vulnerability in Gitea Gitea before 1.17.3 does not sanitize and escape refs in the git backend. | 9.8 |
| 2022-08-12 | CVE-2022-38183 | Missing Authorization vulnerability in Gitea In Gitea before 1.16.9, it was possible for users to add existing issues to projects. | 6.5 |
| 2022-05-29 | CVE-2022-1928 | Cross-site Scripting vulnerability in Gitea Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | 5.4 |
| 2022-05-16 | CVE-2022-30781 | Improper Encoding or Escaping of Output vulnerability in Gitea Gitea before 1.16.7 does not escape git fetch remote. | 7.5 |
| 2022-03-24 | CVE-2022-1058 | Open Redirect vulnerability in Gitea Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | 6.1 |
| 2022-03-15 | CVE-2021-29134 | Path Traversal vulnerability in Gitea The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. | 5.3 |
| 2022-03-10 | CVE-2022-0905 | Unspecified vulnerability in Gitea Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. | 7.1 |
| 2022-02-09 | CVE-2021-45330 | Incomplete Cleanup vulnerability in Gitea An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse. | 9.8 |