Vulnerabilities > Gogs > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-44625 Path Traversal vulnerability in Gogs
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
network
low complexity
gogs CWE-22
8.8
2022-06-09 CVE-2022-1993 Path Traversal vulnerability in Gogs
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
network
low complexity
gogs CWE-22
8.1
2022-06-02 CVE-2021-32546 Unspecified vulnerability in Gogs
Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely.
network
low complexity
gogs
8.8
2022-03-21 CVE-2022-0415 Unrestricted Upload of File with Dangerous Type vulnerability in Gogs
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
network
low complexity
gogs CWE-434
8.8
2020-10-16 CVE-2020-15867 Unspecified vulnerability in Gogs
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution.
network
low complexity
gogs
7.2
2018-12-20 CVE-2018-20303 Path Traversal vulnerability in Gogs
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
network
low complexity
gogs CWE-22
7.5
2018-09-03 CVE-2018-16409 Server-Side Request Forgery (SSRF) vulnerability in Gogs 0.11.53
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
network
low complexity
gogs CWE-918
8.6
2018-08-08 CVE-2018-15193 Cross-Site Request Forgery (CSRF) vulnerability in Gogs 0.11.53
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
network
low complexity
gogs CWE-352
8.8
2018-08-08 CVE-2018-15192 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
network
low complexity
gogs gitea CWE-918
8.6