
Gitea — Vulnerabilities & Security Advisories (22)

Browse all 22 CVE security advisories affecting Gitea. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Gitea is a lightweight, self-hosted Git service designed to provide version control and collaboration features similar to GitHub or GitLab. Its architecture prioritizes ease of deployment and low resource consumption, making it popular among small to medium-sized organizations seeking an alternative to heavier platforms. Historically, security audits have identified several critical vulnerability classes within the codebase, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These issues often stem from improper input validation or insufficient access controls in specific endpoints. While no massive, widespread breaches have defined its public history, the presence of twenty-two recorded CVEs indicates a pattern of discrete security defects that require diligent patching. The project’s open-source nature allows for community-driven scrutiny, yet the frequency of these findings underscores the necessity for rigorous code review and timely updates to maintain a secure development environment.

Showing 10 of 22 results
CVE ID | Title | Product | CWE | CVSS (AI) | Severity (AI) | Published
CVE-2026-20912 | Gitea: Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment Disclosure | Gitea Open Source Git Server | CWE-284 | 7.5 | High | 2026-01-22
CVE-2026-20904 | Gitea: Broken Access Control in OpenID Visibility Toggle Enables Cross-User Visibility Changes | Gitea Open Source Git Server | CWE-284 | 4.3 | Medium | 2026-01-22
CVE-2026-20897 | Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR) | Gitea Open Source Git Server | CWE-284 | 6.5 | Medium | 2026-01-22
CVE-2026-20883 | Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure | Gitea Open Source Git Server | CWE-284 | 5.3 | Medium | 2026-01-22
CVE-2026-20888 | Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass) | Gitea Open Source Git Server | CWE-284 | 4.3 | Medium | 2026-01-22
CVE-2026-20750 | Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR) | Gitea Open Source Git Server | CWE-284 | 6.5 | Medium | 2026-01-22
CVE-2026-20800 | Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation | Gitea Open Source Git Server | CWE-200 | 5.4 | Medium | 2026-01-22
CVE-2026-20736 | Gitea Web Attachment Deletion: Cross-Repository Unauthorized Deletion via Missing Repo Ownership Check | Gitea Open Source Git Server | CWE-284 | 6.5 | Medium | 2026-01-22
CVE-2026-0798 | Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation | Gitea Open Source Git Server | CWE-284 | 3.5 | Low | 2026-01-22
CVE-2024-6886 | Improper Sanitation of Field Leading to Stored XSS | Gitea Open Source Git Server | CWE-79 | 5.4 | Medium | 2024-08-06

CVSS scores and severity ratings marked "(AI)" are the AI-assigned values shown on this page, not vendor-published scores.

This page lists every published CVE security advisory associated with Gitea. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.