Vulnerabilities in gogs
57 results

CVE-2022-31038 | MEDIUM | XSS vulnerability in repository issue list in Gogs | EPSS 0.7%
CVE-2022-1464 | HIGH | Stored xss bug in gogs/gogs | EPSS 0.7%
CVE-2026-24135 | HIGH | Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update | EPSS 0.7%
CVE-2026-25242 | MEDIUM | Gogs allows unauthenticated file uploads | EPSS 0.6%
CVE-2026-52801 | HIGH | Gogs: Ability to import local repositories via Mirror Settings | EPSS 0.6%
CVE-2026-52802 | MEDIUM | Gogs: Open Redirect via redirect_to in Gogs | EPSS 0.6%
CVE-2026-52814 | MEDIUM | Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion) | EPSS 0.5%
CVE-2026-52804 | MEDIUM | Gogs: Privilege Escalation via Collaboration Access Mode Validation | EPSS 0.5%
CVE-2026-52807 | MEDIUM | Gogs: DOM-based XSS via Milestone Name on New Issue Page | EPSS 0.5%
CVE-2026-52808 | HIGH | Gogs: Write-level collaborators can mutate admin-only repository settings via API | EPSS 0.5%
CVE-2026-52811 | CRITICAL | Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym | EPSS 0.5%
CVE-2026-23633 | MEDIUM | Gogs has arbitrary file read/write via path traversal in Git hook editing | EPSS 0.5%
CVE-2025-64719 | MEDIUM | Gogs: Denial of Service in repository/wiki file listing web pages | EPSS 0.4%
CVE-2026-25232 | HIGH | Gogs has a Protected Branch Deletion Bypass in Web Interface | EPSS 0.4%
CVE-2026-26194 | HIGH | Gogs: Release tag option injection in release deletion | EPSS 0.4%
CVE-2026-52798 | HIGH | Gogs: Stored XSS in `.ipynb` Preview | EPSS 0.4%
CVE-2026-52810 | HIGH | Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion | EPSS 0.4%
CVE-2025-64175 | HIGH | Gogs Vulnerable to 2FA Bypass via Recovery Code | EPSS 0.4%
CVE-2026-52799 | HIGH | Gogs: Missing Authorization in Attachment Download | EPSS 0.4%
CVE-2026-47267 | HIGH | Gogs: SSRF in webhook deliveries | EPSS 0.4%