Vulnerabilities > Gogs > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-15 | CVE-2022-1884 | Command Injection vulnerability in Gogs A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. | 9.8 |
2023-02-25 | CVE-2022-2024 | OS Command Injection vulnerability in Gogs OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 |
2022-10-11 | CVE-2022-32174 | Cross-site Scripting vulnerability in Gogs In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | 9.0 |
2022-06-09 | CVE-2022-1986 | OS Command Injection vulnerability in Gogs OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. | 9.8 |
2022-06-09 | CVE-2022-1992 | Path Traversal vulnerability in Gogs Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | 9.1 |
2022-03-11 | CVE-2022-0871 | Missing Authorization vulnerability in Gogs Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. | 9.1 |
2019-08-02 | CVE-2019-14544 | Missing Authorization vulnerability in Gogs 0.11.86 routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | 9.8 |
2018-11-04 | CVE-2018-18925 | Session Fixation vulnerability in Gogs Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. | 9.8 |