Vulnerabilities > Gogs > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2022-1884 Command Injection vulnerability in Gogs
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server.
network
low complexity
gogs CWE-77
critical
9.8
2023-02-25 CVE-2022-2024 OS Command Injection vulnerability in Gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
network
low complexity
gogs CWE-78
critical
9.8
2022-10-11 CVE-2022-32174 Cross-site Scripting vulnerability in Gogs
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
network
low complexity
gogs CWE-79
critical
9.0
2022-06-09 CVE-2022-1986 OS Command Injection vulnerability in Gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
network
low complexity
gogs CWE-78
critical
9.8
2022-06-09 CVE-2022-1992 Path Traversal vulnerability in Gogs
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
network
low complexity
gogs CWE-22
critical
9.1
2022-03-11 CVE-2022-0871 Missing Authorization vulnerability in Gogs
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.
network
low complexity
gogs CWE-862
critical
9.1
2019-08-02 CVE-2019-14544 Missing Authorization vulnerability in Gogs 0.11.86
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.
network
low complexity
gogs CWE-862
critical
9.8
2018-11-04 CVE-2018-18925 Session Fixation vulnerability in Gogs
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go.
network
low complexity
gogs CWE-384
critical
9.8