Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-15	CVE-2022-1884	Command Injection vulnerability in Gogs A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. network low complexity gogs CWE-77 critical	9.8
2024-07-04	CVE-2024-39930	Unspecified vulnerability in Gogs The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. network low complexity gogs critical	9.9
2024-07-04	CVE-2024-39931	Unspecified vulnerability in Gogs Gogs through 0.13.0 allows deletion of internal files. network low complexity gogs critical	9.9
2024-07-04	CVE-2024-39932	Unspecified vulnerability in Gogs Gogs through 0.13.0 allows argument injection during the previewing of changes. network low complexity gogs critical	9.9
2023-02-25	CVE-2022-2024	Unspecified vulnerability in Gogs OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. network low complexity gogs critical	9.8
2022-10-11	CVE-2022-32174	Cross-site Scripting vulnerability in Gogs In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. network low complexity gogs CWE-79 critical	9.0
2022-06-09	CVE-2022-1986	OS Command Injection vulnerability in Gogs OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. network low complexity gogs CWE-78 critical	9.8
2022-06-09	CVE-2022-1992	Path Traversal vulnerability in Gogs Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. network low complexity gogs CWE-22 critical	9.1
2022-03-11	CVE-2022-0871	Unspecified vulnerability in Gogs Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. network low complexity gogs critical	9.1
2019-08-02	CVE-2019-14544	Missing Authorization vulnerability in Gogs 0.11.86 routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. network low complexity gogs CWE-862 critical	9.8