Vulnerabilities > Gitea > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-08 | CVE-2021-45325 | Server-Side Request Forgery (SSRF) vulnerability in Gitea Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. | 5.0 |
| 2022-02-08 | CVE-2021-45326 | Cross-Site Request Forgery (CSRF) vulnerability in Gitea Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests. | 6.8 |
| 2021-02-05 | CVE-2021-3382 | Out-of-bounds Write vulnerability in Gitea Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. | 5.0 |
| 2020-05-20 | CVE-2020-13246 | Improper Locking vulnerability in Gitea An issue was discovered in Gitea through 1.11.5. | 5.0 |
| 2019-07-18 | CVE-2019-1010261 | Cross-site Scripting vulnerability in Gitea Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). | 4.3 |
| 2019-07-11 | CVE-2019-1010314 | Cross-site Scripting vulnerability in Gitea 1.7.2/1.7.3 Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). | 4.3 |
| 2019-04-15 | CVE-2019-11229 | Unspecified vulnerability in Gitea models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. | 6.5 |
| 2019-04-15 | CVE-2019-11228 | Improper Input Validation vulnerability in Gitea repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. | 5.0 |
| 2019-02-04 | CVE-2019-1000002 | Unspecified vulnerability in Gitea Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. | 5.5 |
| 2018-10-08 | CVE-2018-1000803 | Information Exposure vulnerability in Gitea Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. | 5.0 |