Browse all 33 CVE security advisories affecting Gogs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Gogs is a lightweight, self-hosted Git service written in Go, primarily used by organizations requiring private repository management without the complexity of larger alternatives. Despite its simplicity, the platform has accumulated thirty-three recorded Common Vulnerabilities and Exposures, reflecting persistent security challenges in its codebase. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or authentication bypasses. While Gogs emphasizes ease of deployment and low resource consumption, its smaller development team compared to enterprise competitors has occasionally delayed critical patches. Recent incidents highlight risks associated with exposed administrative interfaces and insecure default configurations. Users must prioritize regular updates and strict access controls to mitigate these known weaknesses, ensuring that the convenience of self-hosting does not compromise infrastructure integrity against increasingly sophisticated threat actors targeting version control systems.
CVE-2026-252322026-02-21CVE-2026-252292026-02-21GHSA-cthv-ghtj-c5m52026-02-21CVE-2025-641112026-02-07Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with Gogs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.