Browse all 4 CVE security advisories affecting go-gitea. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Go-gitea serves as a lightweight, self-hosted Git service alternative to GitHub, enabling version control and collaboration for development teams. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with four CVEs currently documented. The application's attack surface often stems from its web interface and API endpoints, where improper input validation and access control issues have been recurrent. While no major public security incidents have been widely reported, the project maintains an active security response process. Regular updates and community contributions help address identified flaws, though users should remain vigilant about applying patches promptly due to the potential for critical vulnerabilities in internet-facing deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-3515 | Open Redirect in go-gitea/gitea — go-gitea/giteaCWE-601 | 6.1 | - | 2023-07-05 |
| CVE-2022-1928 | Cross-site Scripting (XSS) - Stored in go-gitea/gitea — go-gitea/giteaCWE-79 | 5.4 | - | 2022-05-29 |
| CVE-2022-1058 | Open Redirect on login in go-gitea/gitea — go-gitea/giteaCWE-601 | 6.1 | - | 2022-03-24 |
| CVE-2022-0905 | Missing Authorization in go-gitea/gitea — go-gitea/giteaCWE-862 | 7.1 | - | 2022-03-10 |
This page lists every published CVE security advisory associated with go-gitea. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.