Browse all 22 CVE security advisories affecting Gitea, with AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Gitea is a lightweight, self-hosted Git service designed to provide version control and collaboration features similar to GitHub or GitLab. Its architecture prioritizes ease of deployment and low resource consumption, making it popular among small to medium-sized organizations seeking an alternative to heavier platforms. Historically, security audits have identified several critical vulnerability classes within the codebase, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These issues often stem from improper input validation or insufficient access controls in specific endpoints. While no massive, widespread breaches have defined its public history, the presence of twenty-two recorded CVEs indicates a pattern of discrete security defects that require diligent patching. The project’s open-source nature allows for community-driven scrutiny, yet the frequency of these findings underscores the necessity for rigorous code review and timely updates to maintain a secure development environment.
This page lists every published CVE security advisory associated with Gitea. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.