gogs — Vulnerabilities & Security Advisories (33)

Browse all 33 CVE security advisories affecting gogs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Gogs is a lightweight, self-hosted Git service written in Go, primarily used by organizations requiring private repository management without the complexity of larger alternatives. Despite its simplicity, the platform has accumulated thirty-three recorded Common Vulnerabilities and Exposures, reflecting persistent security challenges in its codebase. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or authentication bypasses. While Gogs emphasizes ease of deployment and low resource consumption, its smaller development team compared to enterprise competitors has occasionally delayed critical patches. Recent incidents highlight risks associated with exposed administrative interfaces and insecure default configurations. Users must prioritize regular updates and strict access controls to mitigate these known weaknesses, ensuring that the convenience of self-hosting does not compromise infrastructure integrity against increasingly sophisticated threat actors targeting version control systems.

Top products by gogs: gogs, gogs/gogs
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-26276 | Gogs: DOM-based XSS via milestone selection | gogs | CWE-79 | 7.3 | High | 2026-03-05 |
| CVE-2026-26196 | Gogs: Access tokens get exposed through URL params in API requests | gogs | CWE-598 | 5.3 | - | 2026-03-05 |
| CVE-2026-26195 | Gogs: Stored XSS in branch and wiki views through author and committer names | gogs | CWE-79 | 5.4 | - | 2026-03-05 |
| CVE-2026-26194 | Gogs: Release tag option injection in release deletion | gogs | CWE-88 | 7.1 | - | 2026-03-05 |
| CVE-2026-25921 | Gogs: Cross-repository LFS object overwrite via missing content hash verification | gogs | CWE-345 | 9.3 | Critical | 2026-03-05 |
| CVE-2026-26022 | Gogs: Stored XSS via data URI in issue comments | gogs | CWE-79 | 8.7 | High | 2026-03-05 |
| CVE-2026-25229 | Gogs Authorization Bypass Allows Cross-Repository Label Modification | gogs | CWE-284 | 4.3 | - | 2026-02-19 |
| CVE-2026-25242 | Gogs allows unauthenticated file uploads | gogs | CWE-862 | 9.8 | - | 2026-02-19 |
| CVE-2026-25232 | Gogs has a Protected Branch Deletion Bypass in Web Interface | gogs | CWE-863 | 8.8 | - | 2026-02-19 |
| CVE-2026-25120 | Gogs Allows Cross-Repository Comment Deletion via DeleteComment | gogs | CWE-639 | 4.9 | - | 2026-02-19 |
| CVE-2026-24135 | Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update | gogs | CWE-22 | 8.1 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-23633 | Gogs has arbitrary file read/write via path traversal in Git hook editing | gogs | CWE-22 | 6.5 | Medium | 2026-02-06 |
| CVE-2026-23632 | Gogs user can update repository content with read-only permission | gogs | CWE-862 | 6.5 | Medium | 2026-02-06 |
| CVE-2026-22592 | Gogs is Vulnerable to Denial of Service | gogs | CWE-862 | 6.5 | Medium | 2026-02-06 |
| CVE-2025-64175 | Gogs Vulnerable to 2FA Bypass via Recovery Code | gogs | CWE-287 | 8.2 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-64111 | Gogs's update .git/config file allows remote command execution | gogs | CWE-78 | 8.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-8110 | File overwrite in file update API in Gogs | Gogs | CWE-22 | 7.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-47943 | Gogs stored XSS in PDF renderer | gogs | CWE-79 | 6.3 | Medium | 2025-06-24 |
| CVE-2024-56731 | Gogs deletion of internal files allows remote command execution | gogs | CWE-552 | 10.0 | Critical | 2025-06-24 |
| CVE-2024-55947 | Gogs has a Path Traversal in file update API | gogs | CWE-22 | 8.8 | - | 2024-12-23 |
| CVE-2024-54148 | Gogs has a Path Traversal in file editing UI | gogs | CWE-61 | 8.8 | - | 2024-12-23 |
| CVE-2022-1884 | Remote Command Execution in gogs/gogs | gogs/gogs | CWE-78 | 8.1 (AI) | High (AI) | 2024-11-15 |
| CVE-2022-2024 | OS Command Injection in gogs/gogs | gogs/gogs | CWE-78 | 9.8 | - | 2023-02-25 |
| CVE-2022-32174 | Gogs - XSS | gogs | CWE-79 | 7.6 | - | 2022-10-11 |
| CVE-2022-1986 | OS Command Injection in gogs/gogs | gogs/gogs | CWE-78 | 9.8 | - | 2022-06-09 |
| CVE-2022-31038 | XSS vulnerability in repository issue list in Gogs | gogs | CWE-79 | 5.4 | Medium | 2022-06-08 |
| CVE-2022-1993 | Path Traversal in gogs/gogs | gogs/gogs | CWE-22 | 7.5 | - | 2022-06-08 |
| CVE-2022-1992 | Path Traversal in gogs/gogs | gogs/gogs | CWE-22 | 7.5 | - | 2022-06-08 |
| CVE-2022-1285 | Server-Side Request Forgery (SSRF) in gogs/gogs | gogs/gogs | CWE-918 | 8.2 | - | 2022-06-01 |
| CVE-2022-1464 | Stored xss bug in gogs/gogs | gogs/gogs | CWE-79 | 5.4 | - | 2022-05-05 |

This page lists every published CVE security advisory associated with gogs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.