Gitea vulnerabilities rated High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Product | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2022-05-16 | CVE-2022-30781 | Improper Encoding or Escaping of Output vulnerability in Gitea | Gitea before 1.16.7 does not escape git fetch remote. | network | low | gitea | CWE-116 | 7.5 |
| 2022-05-03 | CVE-2022-27313 | Unspecified vulnerability in Gitea 1.16.3 | An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. | network | low | gitea | | 7.5 |
| 2022-03-10 | CVE-2022-0905 | Unspecified vulnerability in Gitea | Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. | network | low | gitea | | 7.1 |
| 2022-02-08 | CVE-2021-45325 | Server-Side Request Forgery (SSRF) vulnerability in Gitea | Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. | network | low | gitea | CWE-918 | 7.5 |
| 2022-02-08 | CVE-2021-45326 | Cross-Site Request Forgery (CSRF) vulnerability in Gitea | Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous especially with state-altering POST requests. | network | low | gitea | CWE-352 | 8.8 |
| 2021-02-05 | CVE-2021-3382 | Out-of-bounds Write vulnerability in Gitea | Stack buffer overflow vulnerability in Gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. | network | low | gitea | CWE-787 | 7.5 |
| 2020-10-16 | CVE-2020-14144 | OS Command Injection vulnerability in Gitea | The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). | network | low | gitea | CWE-78 | 7.2 |
| 2020-05-20 | CVE-2020-13246 | Improper Locking vulnerability in Gitea | An issue was discovered in Gitea through 1.11.5. | network | low | gitea | CWE-667 | 7.5 |
| 2019-05-31 | CVE-2019-10330 | Missing Authorization vulnerability in Gitea | Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted. | network | low | gitea | CWE-862 | 7.5 |
| 2019-04-15 | CVE-2019-11229 | Unspecified vulnerability in Gitea | models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. | network | low | gitea | | 8.8 |