Vulnerabilities > Gogs > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-25 CVE-2022-2024 OS Command Injection vulnerability in Gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
network
low complexity
gogs CWE-78
critical
9.8
2022-10-11 CVE-2022-32174 Cross-site Scripting vulnerability in Gogs
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
network
low complexity
gogs CWE-79
critical
9.0
2022-03-11 CVE-2022-0871 Missing Authorization vulnerability in Gogs
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.
network
low complexity
gogs CWE-862
critical
9.1