Vulnerabilities > Gogs > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-09 CVE-2022-1986 OS Command Injection vulnerability in Gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
network
low complexity
gogs CWE-78
7.5
2019-08-02 CVE-2019-14544 Missing Authorization vulnerability in Gogs 0.11.86
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.
network
low complexity
gogs CWE-862
7.5
2018-11-04 CVE-2018-18925 Session Fixation vulnerability in Gogs
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go.
network
low complexity
gogs CWE-384
7.5