-
Notifications
You must be signed in to change notification settings - Fork 5k
Security: gogs/gogs
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Deletion of internal files allows remote command executionGHSA-wj44-9vcg-wjq7 published
Jun 24, 2025 by unknwonCritical -
Argument Injection when tagging new releasesGHSA-m27m-h5gj-wwmg published
Dec 23, 2024 by unknwonHigh -
Argument Injection during changes previewGHSA-9pp6-wq8c-3w2c published
Dec 23, 2024 by unknwonCritical -
Deletion of internal filesGHSA-ccqv-43vm-4f3w published
Dec 23, 2024 by unknwonCritical -
Argument Injection in the built-in SSH serverGHSA-vm62-9jw3-c8w3 published
Dec 23, 2024 by unknwonCritical -
Path Traversal in file update APIGHSA-qf5v-rp47-55gg published
Dec 23, 2024 by unknwonCritical -
Path Traversal in file editing UIGHSA-r7j8-5h9c-f6fx published
Dec 23, 2024 by unknwonCritical -
Stored XSS in PDF rendererGHSA-xh32-cx6c-cp4v published
Jun 24, 2025 by unknwonModerate -
OS Command Injection in repo editor on case-insensitive file systemsGHSA-pfvh-p8qp-9ww9 published
Feb 25, 2023 by unknwonCritical -
Stored XSS AssigneeGHSA-3ghq-jqx4-4c4f published
Feb 25, 2023 by unknwonCritical