repo

Sep 24, 2025 GO-2025-4261

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Dec 18, 2025 GO-2025-4261

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Nov 22, 2025 GO-2025-4261

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Nov 4, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Oct 29, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Changes in this version

+ func RelativeWikiPath(ownerName, repoName string) string

type Repository

+ func (repo *Repository) CanContentChange() bool

Sep 25, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Apr 28, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Oct 25, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Sep 11, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Aug 13, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Aug 4, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jul 15, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jun 20, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jun 19, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jun 10, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Changes in this version

+ func ComposeTeaCloneCommand(ctx context.Context, owner, repo string) string

+ func CreatePendingRepositoryTransfer(ctx context.Context, doer, newOwner *user_model.User, repoID int64, ...) error

+ func DeleteRepoReleases(ctx context.Context, repoID int64) error

+ func DeleteRepositoryTransfer(ctx context.Context, repoID int64) error

+ func IsErrNoPendingTransfer(err error) bool

+ func IsErrRepoTransferInProgress(err error) bool

+ func IsErrUserOwnRepos(err error) bool

+ func IsRepositoryTransferExist(ctx context.Context, repoID int64) (bool, error)

+ func IsValidSSHAccessRepoName(name string) bool

+ func PushUpdateDeleteTags(ctx context.Context, repo *Repository, tags []string) error

+ func RelativePath(ownerName, repoName string) string

+ func TestRepositoryReadyForTransfer(status RepositoryStatus) error

+ func UpdateReleaseNumCommits(ctx context.Context, rel *Release) error

+ func UpdateRepoUnitPublicAccess(ctx context.Context, unit *RepoUnit) error

+ func UpdateRepositoryColsWithAutoTime(ctx context.Context, repo *Repository, cols ...string) error

+ type AccessibleReposEnvironment interface

+ AddKeyword func(keyword string)

+ CountRepos func(ctx context.Context) (int64, error)

+ MirrorRepos func(ctx context.Context) (RepositoryList, error)

+ RepoIDs func(ctx context.Context) ([]int64, error)

+ SetSort func(db.SearchOrderBy)

+ func AccessibleReposEnv(ctx context.Context, org *org_model.Organization, userID int64) (AccessibleReposEnvironment, error)

+ func AccessibleTeamReposEnv(org *org_model.Organization, team *org_model.Team) AccessibleReposEnvironment

type CloneLink

+ Tea string

+ type ErrNoPendingRepoTransfer struct

+ RepoID int64

+ func (err ErrNoPendingRepoTransfer) Error() string

+ func (err ErrNoPendingRepoTransfer) Unwrap() error

+ type ErrRepoTransferInProgress struct

+ Name string

+ Uname string

+ func (err ErrRepoTransferInProgress) Error() string

+ func (err ErrRepoTransferInProgress) Unwrap() error

+ type ErrUserOwnRepos struct

+ UID int64

+ func (err ErrUserOwnRepos) Error() string

+ type PendingRepositoryTransferOptions struct

+ RecipientID int64

+ RepoID int64

+ SenderID int64

+ func (opts *PendingRepositoryTransferOptions) ToConds() builder.Cond

+ type RepoTransfer struct

+ CreatedUnix timeutil.TimeStamp

+ Doer *user_model.User

+ DoerID int64

+ ID int64

+ Recipient *user_model.User

+ RecipientID int64

+ Repo *Repository

+ RepoID int64

+ TeamIDs []int64

+ Teams []*organization.Team

+ UpdatedUnix timeutil.TimeStamp

+ func GetPendingRepositoryTransfer(ctx context.Context, repo *Repository) (*RepoTransfer, error)

+ func GetPendingRepositoryTransfers(ctx context.Context, opts *PendingRepositoryTransferOptions) ([]*RepoTransfer, error)

+ func (r *RepoTransfer) CanUserAcceptOrRejectTransfer(ctx context.Context, u *user_model.User) bool

+ func (r *RepoTransfer) LoadAttributes(ctx context.Context) error

+ func (r *RepoTransfer) LoadRecipient(ctx context.Context) error

+ func (r *RepoTransfer) LoadRepo(ctx context.Context) error

type RepoUnit

+ AnonymousAccessMode perm.AccessMode

type Repository

+ func GetRepositoryByURLRelax(ctx context.Context, repoURL string) (*Repository, error)

+ func (repo *Repository) CloneLinkGeneral(ctx context.Context) (cl *CloneLink)

+ func (repo *Repository) ComposeCommentMetas(ctx context.Context) map[string]string

+ func (repo *Repository) ComposeRepoFileMetas(ctx context.Context) map[string]string

+ func (repo *Repository) RelativePath() string

+ func (repo *Repository) WikiStorageRepo() StorageRepo

type RepositoryList

+ func GetOrgRepositories(ctx context.Context, orgID int64) (RepositoryList, error)

+ func GetTeamRepositories(ctx context.Context, opts *SearchTeamRepoOptions) (RepositoryList, error)

+ type SearchTeamRepoOptions struct

+ TeamID int64

+ type StorageRepo string

+ func (sr StorageRepo) RelativePath() string

Apr 29, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Dec 16, 2024 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

May 12, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Apr 7, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Mar 24, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Mar 4, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Feb 19, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Feb 6, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Feb 5, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jan 10, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jan 9, 2025 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Changes in this version

+ var OrderByFlatMap = map[string]db.SearchOrderBy

+ var OrderByMap = map[string]map[string]db.SearchOrderBy

+ func CleanRepoLicenses(ctx context.Context, repo *Repository) error

+ func CopyLicense(ctx context.Context, originalRepo, destRepo *Repository) error

+ func FindTagsByCommitIDs(ctx context.Context, repoID int64, commitIDs ...string) (map[string][]*Release, error)

+ func UpdateRepoLicenses(ctx context.Context, repo *Repository, commitID string, licenses []string) error

+ func UpdateRepositoryColsNoAutoTime(ctx context.Context, repo *Repository, cols ...string) error

type FindReleasesOptions

+ NamePattern optional.Option[string]

+ type RepoLicense struct

+ CommitID string

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ License string

+ RepoID int64

+ UpdatedUnix timeutil.TimeStamp

+ type RepoLicenseList []*RepoLicense

+ func GetRepoLicenses(ctx context.Context, repo *Repository) (RepoLicenseList, error)

+ func (rll RepoLicenseList) StringList() []string

type Repository

+ func (repo *Repository) ComposeWikiMetas(ctx context.Context) map[string]string

Dec 17, 2024 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Mar 28, 2024 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Dec 13, 2024 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Dec 11, 2024 GO-2025-4258 +1 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Nov 25, 2024 GO-2025-4258 +2 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

Changes in this version

type PushMirror

+ func GetPushMirrorByIDAndRepoID(ctx context.Context, id, repoID int64) (*PushMirror, bool, error)

type RepositoryList

+ func (repos RepositoryList) LoadLanguageStats(ctx context.Context) error

+ func (repos RepositoryList) LoadOwners(ctx context.Context) error

Oct 9, 2024 GO-2025-4258 +2 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

Sep 5, 2024 GO-2025-4258 +3 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jul 4, 2024 GO-2025-4258 +5 more

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

May 27, 2024 GO-2024-3056 +6 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func CountOrphanedTopics(ctx context.Context) (int64, error)

+ func DeleteOrphanedTopics(ctx context.Context) (int64, error)

+ type FindCollaborationOptions struct

+ CollaboratorID int64

+ RepoID int64

+ RepoOwnerID int64

+ func (opts *FindCollaborationOptions) ToConds() builder.Cond

+ func (opts *FindCollaborationOptions) ToJoins() []db.JoinFunc

type FindReleasesOptions

+ func (opts FindReleasesOptions) ToOrders() string

type FindRepoArchiversOption

+ func (opts FindRepoArchiversOption) ToConds() builder.Cond

+ func (opts FindRepoArchiversOption) ToOrders() string

type FindTopicOptions

+ func (opts *FindTopicOptions) ToConds() builder.Cond

+ func (opts *FindTopicOptions) ToJoins() []db.JoinFunc

+ func (opts *FindTopicOptions) ToOrders() string

type MergeStyle

+ const MergeStyleFastForwardOnly

+ type ProjectsConfig struct

+ ProjectsMode ProjectsMode

+ func (cfg *ProjectsConfig) FromDB(bs []byte) error

+ func (cfg *ProjectsConfig) GetProjectsMode() ProjectsMode

+ func (cfg *ProjectsConfig) IsProjectsAllowed(m ProjectsMode) bool

+ func (cfg *ProjectsConfig) ToDB() ([]byte, error)

+ type ProjectsMode string

+ const ProjectsModeAll

+ const ProjectsModeNone

+ const ProjectsModeOwner

+ const ProjectsModeRepo

type PullRequestsConfig

+ AllowFastForwardOnly bool

type PushMirrorOptions

+ func (opts PushMirrorOptions) ToConds() builder.Cond

type RepoUnit

+ EveryoneAccessMode perm.AccessMode

+ func (r *RepoUnit) ProjectsConfig() *ProjectsConfig

type Repository

+ DefaultWikiBranch string

+ ObjectFormatName string

+ func (repo *Repository) GetName() string

+ func (repo *Repository) GetOwnerName() string

type RepositoryList

+ func (repos RepositoryList) IDs() []int64

+ func (repos RepositoryList) LoadUnits(ctx context.Context) error

type SearchRepoOptions

+ ForkFrom int64

+ type StarredReposOptions struct

+ IncludePrivate bool

+ RepoOwnerID int64

+ StarrerID int64

+ func (opts *StarredReposOptions) ToConds() builder.Cond

+ func (opts *StarredReposOptions) ToJoins() []db.JoinFunc

+ type WatchedReposOptions struct

+ IncludePrivate bool

+ RepoOwnerID int64

+ WatcherID int64

+ func (opts *WatchedReposOptions) ToConds() builder.Cond

+ func (opts *WatchedReposOptions) ToJoins() []db.JoinFunc

Apr 27, 2024 GO-2024-3056 +6 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 28, 2024 GO-2024-3056 +6 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Sep 20, 2023 GO-2024-3056 +6 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Apr 16, 2024 GO-2024-3056 +6 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 25, 2024 GO-2024-3056 +6 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 22, 2024 GO-2024-3056 +6 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 13, 2024 GO-2024-3056 +6 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 26, 2024 GO-2024-3056 +7 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 22, 2024 GO-2024-3056 +7 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 1, 2024 GO-2024-3056 +7 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

type FindReleasesOptions

+ RepoID int64

+ func (opts *FindReleasesOptions) ToConds() builder.Cond

Jan 17, 2024 GO-2024-3056 +7 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Dec 21, 2023 GO-2024-3056 +7 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Dec 12, 2023 GO-2024-3056 +7 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ type ErrRepoIsArchived struct

+ Repo *Repository

+ func (err ErrRepoIsArchived) Error() string

type Repository

+ func (repo *Repository) MustNotBeArchived() error

Nov 26, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Nov 14, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ const SizeDetailNameGit

+ const SizeDetailNameLFS

+ func CountRepository(ctx context.Context, opts *SearchRepoOptions) (int64, error)

+ func InsertReleases(ctx context.Context, rels ...*Release) error

+ func UpdatePushMirrorInterval(ctx context.Context, m *PushMirror) error

+ type ActionsConfig struct

+ DisabledWorkflows []string

+ func (cfg *ActionsConfig) DisableWorkflow(file string)

+ func (cfg *ActionsConfig) EnableWorkflow(file string)

+ func (cfg *ActionsConfig) FromDB(bs []byte) error

+ func (cfg *ActionsConfig) IsWorkflowDisabled(file string) bool

+ func (cfg *ActionsConfig) ToDB() ([]byte, error)

+ func (cfg *ActionsConfig) ToString() string

type Mirror

+ RemoteAddress string

type PushMirror

+ RemoteAddress string

type Release

+ func (r *Release) APIUploadURL() string

type RepoUnit

+ func (r *RepoUnit) ActionsConfig() *ActionsConfig

type Repository

+ GitSize int64

+ LFSSize int64

+ func (repo *Repository) ComposeBranchCompareURL(baseRepo *Repository, branchName string) string

+ func (repo *Repository) SizeDetails() []SizeDetail

+ func (repo *Repository) SizeDetailsString() string

type SearchRepoOptions

+ UnitType unit.Type

+ type SizeDetail struct

+ Name string

+ Size int64

Oct 19, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Oct 6, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Sep 20, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jun 7, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Nov 26, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

type Release

+ func GetReleaseForRepoByID(ctx context.Context, repoID, id int64) (*Release, error)

Oct 3, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Sep 8, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Aug 20, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jul 29, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jul 22, 2023 GO-2024-3056 +8 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jul 16, 2023 GO-2024-3056 +9 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ var SearchOrderByMap = map[string]map[string]db.SearchOrderBy

+ func ClearRepoStars(ctx context.Context, repoID int64) error

+ func ComposeSSHCloneURL(ownerName, repoName string) string

+ func GetIssuePostersWithSearch(ctx context.Context, repo *Repository, isPull bool, search string, ...) ([]*user_model.User, error)

+ func GetTagNamesByRepoID(ctx context.Context, repoID int64) ([]string, error)

+ func IsRepositoryModelExist(ctx context.Context, u *user_model.User, repoName string) (bool, error)

+ func IsRepositoryModelOrDirExist(ctx context.Context, u *user_model.User, repoName string) (bool, error)

+ func UpdateRepositoryOwnerName(ctx context.Context, oldUserName, newUserName string) error

type Attachment

+ CustomDownloadURL string

type Repository

+ ArchivedUnix timeutil.TimeStamp

+ func GetRepositoryByURL(ctx context.Context, repoURL string) (*Repository, error)

+ func (repo *Repository) LogString() string

+ func (repo *Repository) MarkAsBrokenEmpty()

Jun 24, 2023 GO-2024-3056 +9 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jun 23, 2023 GO-2024-3056 +9 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jun 7, 2023 GO-2024-3056 +9 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 22, 2023 GO-2024-3056 +9 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jul 4, 2023 GO-2024-3056 +9 more

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

type Release

+ TargetBehind string

May 3, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Apr 27, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Apr 13, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 20, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

type Attachment

+ func GetAttachmentsByIssueIDImagesLatest(ctx context.Context, issueID int64) ([]*Attachment, error)

type PullRequestsConfig

+ DefaultAllowMaintainerEdit bool

type Release

+ func (r *Release) Link() string

type Repository

+ NumActionRuns int

+ NumClosedActionRuns int

+ NumOpenActionRuns int

+ func (repo *Repository) LoadOwner(ctx context.Context) (err error)

Mar 5, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 22, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Oct 26, 2022 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 21, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 20, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jan 23, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jan 19, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jan 17, 2023 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Dec 29, 2022 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Nov 24, 2022 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Oct 25, 2022 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jun 18, 2022 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Dec 21, 2022 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func AddReleaseAttachments(ctx context.Context, releaseID int64, attachmentUUIDs []string) (err error)

+ func CountNullArchivedRepository(ctx context.Context) (int64, error)

+ func CountReleasesByRepoID(repoID int64, opts FindReleasesOptions) (int64, error)

+ func DeletePushMirrors(ctx context.Context, opts PushMirrorOptions) error

+ func DeleteReleaseByID(ctx context.Context, id int64) error

+ func DeleteUploadByUUID(uuid string) error

+ func DeleteUploads(uploads ...*Upload) (err error)

+ func ExistsRepoArchiverWithStoragePath(ctx context.Context, storagePath string) (bool, error)

+ func ExistsWithAvatarAtStoragePath(ctx context.Context, storagePath string) (bool, error)

+ func FindUserCodeAccessibleOwnerRepoIDs(ctx context.Context, ownerID int64, user *user_model.User) ([]int64, error)

+ func FixNullArchivedRepository(ctx context.Context) (int64, error)

+ func GetIssuePosters(ctx context.Context, repo *Repository, isPull bool) ([]*user_model.User, error)

+ func GetReleaseAttachments(ctx context.Context, rels ...*Release) (err error)

+ func GetReleaseCountByRepoID(ctx context.Context, repoID int64, opts FindReleasesOptions) (int64, error)

+ func IsErrReleaseAlreadyExist(err error) bool

+ func IsErrReleaseNotExist(err error) bool

+ func IsErrUploadNotExist(err error) bool

+ func IsErrWikiAlreadyExist(err error) bool

+ func IsErrWikiInvalidFileName(err error) bool

+ func IsErrWikiReservedName(err error) bool

+ func IsReleaseExist(ctx context.Context, repoID int64, tagName string) (bool, error)

+ func PushUpdateDeleteTag(repo *Repository, tagName string) error

+ func PushUpdateDeleteTagsContext(ctx context.Context, repo *Repository, tags []string) error

+ func SaveOrUpdateTag(repo *Repository, newRel *Release) error

+ func SearchRepositoryIDsByCondition(ctx context.Context, cond builder.Cond) ([]int64, error)

+ func SortReleases(rels []*Release)

+ func UpdateRelease(ctx context.Context, rel *Release) error

+ func UpdateReleasesMigrationsByType(gitServiceType structs.GitServiceType, originalAuthorID string, posterID int64) error

+ func UploadLocalPath(uuid string) string

type ErrAttachmentNotExist

+ func (err ErrAttachmentNotExist) Unwrap() error

type ErrReachLimitOfRepo

+ func (err ErrReachLimitOfRepo) Unwrap() error

type ErrRedirectNotExist

+ func (err ErrRedirectNotExist) Unwrap() error

+ type ErrReleaseAlreadyExist struct

+ TagName string

+ func (err ErrReleaseAlreadyExist) Error() string

+ func (err ErrReleaseAlreadyExist) Unwrap() error

+ type ErrReleaseNotExist struct

+ ID int64

+ TagName string

+ func (err ErrReleaseNotExist) Error() string

+ func (err ErrReleaseNotExist) Unwrap() error

type ErrRepoAlreadyExist

+ func (err ErrRepoAlreadyExist) Unwrap() error

type ErrRepoFilesAlreadyExist

+ func (err ErrRepoFilesAlreadyExist) Unwrap() error

type ErrRepoNotExist

+ func (err ErrRepoNotExist) Unwrap() error

type ErrTopicNotExist

+ func (err ErrTopicNotExist) Unwrap() error

type ErrUnitTypeNotExist

+ func (err ErrUnitTypeNotExist) Unwrap() error

+ type ErrUploadNotExist struct

+ ID int64

+ UUID string

+ func (err ErrUploadNotExist) Error() string

+ func (err ErrUploadNotExist) Unwrap() error

type ErrUserDoesNotHaveAccessToRepo

+ func (err ErrUserDoesNotHaveAccessToRepo) Unwrap() error

+ type ErrWikiAlreadyExist struct

+ Title string

+ func (err ErrWikiAlreadyExist) Error() string

+ func (err ErrWikiAlreadyExist) Unwrap() error

+ type ErrWikiInvalidFileName struct

+ FileName string

+ func (err ErrWikiInvalidFileName) Error() string

+ func (err ErrWikiInvalidFileName) Unwrap() error

+ type ErrWikiReservedName struct

+ Title string

+ func (err ErrWikiReservedName) Error() string

+ func (err ErrWikiReservedName) Unwrap() error

+ type FindReleasesOptions struct

+ HasSha1 util.OptionalBool

+ IncludeDrafts bool

+ IncludeTags bool

+ IsDraft util.OptionalBool

+ IsPreRelease util.OptionalBool

+ TagNames []string

type PushMirror

+ SyncOnCommit bool

+ func GetPushMirror(ctx context.Context, opts PushMirrorOptions) (*PushMirror, error)

+ func GetPushMirrorsSyncedOnCommit(ctx context.Context, repoID int64) ([]*PushMirror, error)

+ type PushMirrorOptions struct

+ ID int64

+ RemoteName string

+ RepoID int64

+ type Release struct

+ Attachments []*Attachment

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ IsDraft bool

+ IsPrerelease bool

+ IsTag bool

+ LowerTagName string

+ Note string

+ NumCommits int64

+ NumCommitsBehind int64

+ OriginalAuthor string

+ OriginalAuthorID int64

+ Publisher *user_model.User

+ PublisherID int64

+ RenderedNote string

+ Repo *Repository

+ RepoID int64

+ Sha1 string

+ TagName string

+ Target string

+ Title string

+ func GetLatestReleaseByRepoID(repoID int64) (*Release, error)

+ func GetRelease(repoID int64, tagName string) (*Release, error)

+ func GetReleaseByID(ctx context.Context, id int64) (*Release, error)

+ func GetReleasesByRepoID(ctx context.Context, repoID int64, opts FindReleasesOptions) ([]*Release, error)

+ func GetReleasesByRepoIDAndNames(ctx context.Context, repoID int64, tagNames []string) (rels []*Release, err error)

+ func (r *Release) APIURL() string

+ func (r *Release) GetExternalID() int64

+ func (r *Release) GetExternalName() string

+ func (r *Release) GetUserID() int64

+ func (r *Release) HTMLURL() string

+ func (r *Release) LoadAttributes(ctx context.Context) error

+ func (r *Release) RemapExternalUser(externalName string, externalID, userID int64) error

+ func (r *Release) TarURL() string

+ func (r *Release) ZipURL() string

type SearchRepoOptions

+ OnlyShowRelevant bool

+ type Upload struct

+ ID int64

+ Name string

+ UUID string

+ func GetUploadByUUID(uuid string) (*Upload, error)

+ func GetUploadsByUUIDs(uuids []string) ([]*Upload, error)

+ func NewUpload(name string, buf []byte, file multipart.File) (_ *Upload, err error)

+ func (upload *Upload) LocalPath() string

Oct 15, 2022 GO-2023-1894 +10 more

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Sep 6, 2022 GO-2022-1065 +11 more

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Aug 18, 2022 GO-2022-1065 +12 more

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jul 30, 2022 GO-2022-1065 +12 more

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ const RepositoryListDefaultPageSize

+ func AccessibleRepoIDsQuery(user *user_model.User) *builder.Builder

+ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) builder.Cond

+ func ChangeCollaborationAccessMode(repo *Repository, uid int64, mode perm.AccessMode) error

+ func ChangeCollaborationAccessModeCtx(ctx context.Context, repo *Repository, uid int64, mode perm.AccessMode) error

+ func CountCollaborators(repoID int64) (int64, error)

+ func DecrementRepoForkNum(ctx context.Context, repoID int64) error

+ func FindUserCodeAccessibleRepoIDs(user *user_model.User) ([]int64, error)

+ func GetRepoAssignees(ctx context.Context, repo *Repository) (_ []*user_model.User, err error)

+ func GetReviewers(ctx context.Context, repo *Repository, doerID, posterID int64) ([]*user_model.User, error)

+ func IncrementRepoForkNum(ctx context.Context, repoID int64) error

+ func IsCollaborator(ctx context.Context, repoID, userID int64) (bool, error)

+ func IsErrUserDoesNotHaveAccessToRepo(err error) bool

+ func IsOwnerMemberCollaborator(repo *Repository, userID int64) (bool, error)

+ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond

+ func SearchRepositoryIDs(opts *SearchRepoOptions) ([]int64, int64, error)

+ func StatsCorrectNumClosed(ctx context.Context, id int64, isPull bool, field string) error

+ func UpdateRepoIssueNumbers(ctx context.Context, repoID int64, isPull, isClosed bool) error

+ func UpdateRepoSize(ctx context.Context, repoID, size int64) error

+ func UserAccessRepoCond(idStr string, userID int64) builder.Cond

+ func UserAssignedRepoCond(id string, userID int64) builder.Cond

+ func UserCollaborationRepoCond(idStr string, userID int64) builder.Cond

+ func UserCreateIssueRepoCond(id string, userID int64, isPull bool) builder.Cond

+ func UserMentionedRepoCond(id string, userID int64) builder.Cond

+ func UserOrgPublicUnitRepoCond(userID, orgID int64) builder.Cond

+ func UserOrgTeamRepoCond(idStr string, userID int64) builder.Cond

+ func UserOrgUnitRepoCond(idStr string, userID, orgID int64, unitType unit.Type) builder.Cond

+ func UserOwnedRepoCond(userID int64) builder.Cond

+ type Collaboration struct

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ Mode perm.AccessMode

+ RepoID int64

+ UpdatedUnix timeutil.TimeStamp

+ UserID int64

+ func GetCollaboration(ctx context.Context, repoID, uid int64) (*Collaboration, error)

+ type Collaborator struct

+ Collaboration *Collaboration

+ func GetCollaborators(ctx context.Context, repoID int64, listOptions db.ListOptions) ([]*Collaborator, error)

+ type CountRepositoryOptions struct

+ OwnerID int64

+ Private util.OptionalBool

+ type ErrUserDoesNotHaveAccessToRepo struct

+ RepoName string

+ UserID int64

+ func (err ErrUserDoesNotHaveAccessToRepo) Error() string

type ExternalTrackerConfig

+ ExternalTrackerRegexpPattern string

type PullRequestsConfig

+ AllowRebaseUpdate bool

type Repository

+ func FindUserOrgForks(ctx context.Context, repoID, userID int64) ([]*Repository, error)

+ func GetForksByUserAndOrgs(ctx context.Context, user *user_model.User, repo *Repository) ([]*Repository, error)

+ func GetStarredRepos(userID int64, private bool, listOptions db.ListOptions) ([]*Repository, error)

+ func GetWatchedRepos(userID int64, private bool, listOptions db.ListOptions) ([]*Repository, int64, error)

+ func ValuesRepository(m map[int64]*Repository) []*Repository

+ func (repo *Repository) LoadAttributes(ctx context.Context) error

+ func (repo *Repository) UnitEnabledCtx(ctx context.Context, tp unit.Type) bool

+ type RepositoryList []*Repository

+ func GetUserRepositories(opts *SearchRepoOptions) (RepositoryList, int64, error)

+ func RepositoryListOfMap(repoMap map[int64]*Repository) RepositoryList

+ func SearchRepository(opts *SearchRepoOptions) (RepositoryList, int64, error)

+ func SearchRepositoryByCondition(opts *SearchRepoOptions, cond builder.Cond, loadAttributes bool) (RepositoryList, int64, error)

+ func SearchRepositoryByName(opts *SearchRepoOptions) (RepositoryList, int64, error)

+ func (repos RepositoryList) Len() int

+ func (repos RepositoryList) Less(i, j int) bool

+ func (repos RepositoryList) LoadAttributes() error

+ func (repos RepositoryList) Swap(i, j int)

+ type SearchOrderBy string

+ const SearchOrderByAlphabetically

+ const SearchOrderByAlphabeticallyReverse

+ const SearchOrderByForks

+ const SearchOrderByForksReverse

+ const SearchOrderByID

+ const SearchOrderByIDReverse

+ const SearchOrderByLeastUpdated

+ const SearchOrderByNewest

+ const SearchOrderByOldest

+ const SearchOrderByRecentUpdated

+ const SearchOrderBySize

+ const SearchOrderBySizeReverse

+ const SearchOrderByStars

+ const SearchOrderByStarsReverse

+ func (s SearchOrderBy) String() string

+ type SearchRepoOptions struct

+ Actor *user_model.User

+ AllLimited bool

+ AllPublic bool

+ Archived util.OptionalBool

+ Collaborate util.OptionalBool

+ Fork util.OptionalBool

+ HasMilestones util.OptionalBool

+ IncludeDescription bool

+ IsPrivate util.OptionalBool

+ Keyword string

+ Language string

+ LowerNames []string

+ Mirror util.OptionalBool

+ OrderBy db.SearchOrderBy

+ OwnerID int64

+ PriorityOwnerID int64

+ Private bool

+ StarredByID int64

+ TeamID int64

+ Template util.OptionalBool

+ TopicOnly bool

+ WatchedByID int64

Jul 19, 2022 GO-2022-1065 +12 more

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jun 20, 2022 GO-2022-1065 +12 more

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jan 19, 2022 GO-2022-1065 +12 more

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jun 21, 2022 GO-2022-1065 +12 more

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

May 16, 2022 GO-2022-0612 +14 more

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

May 2, 2022 GO-2022-0612 +14 more

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Apr 20, 2022 GO-2022-0450 +15 more

  GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func TouchMirror(ctx context.Context, m *Mirror) error

Mar 24, 2022 GO-2022-0450 +15 more

  GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 14, 2022 GO-2022-0450 +16 more

  GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 3, 2022 GO-2022-0442 +18 more

  GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

  GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

  GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 24, 2022 GO-2022-0442 +18 more

  GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

  GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

  GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 6, 2022 GO-2022-0442 +18 more

  GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

  GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

  GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Jan 30, 2022 GO-2022-0442 +18 more

  GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

  GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

  GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ const ArchiverGenerating

+ const ArchiverReady

+ var ErrMirrorNotExist = errors.New("Mirror does not exist")

+ var ErrPushMirrorNotExist = errors.New("PushMirror does not exist")

+ func AddRepoArchiver(ctx context.Context, archiver *RepoArchiver) error

+ func AttachmentRelativePath(uuid string) string

+ func ChangeRepositoryName(doer *user_model.User, repo *Repository, newRepoName string) (err error)

+ func CheckCreateRepository(doer, u *user_model.User, name string, overwriteOrAdopt bool) error

+ func ComposeHTTPSCloneURL(owner, repo string) string

+ func CopyLanguageStat(originalRepo, destRepo *Repository) error

+ func CountOrphanedAttachments() (int64, error)

+ func CountRepositories(private bool) int64

+ func CountTopics(opts *FindTopicOptions) (int64, error)

+ func CountUserRepositories(userID int64, private bool) int64

+ func DeleteAllRepoArchives() error

+ func DeleteAttachment(a *Attachment, remove bool) error

+ func DeleteAttachments(ctx context.Context, attachments []*Attachment, remove bool) (int, error)

+ func DeleteAttachmentsByComment(commentID int64, remove bool) (int, error)

+ func DeleteAttachmentsByIssue(issueID int64, remove bool) (int, error)

+ func DeleteAttachmentsByRelease(releaseID int64) error

+ func DeleteMirrorByRepoID(repoID int64) error

+ func DeleteOrphanedAttachments() error

+ func DeletePushMirrorByID(ID int64) error

+ func DeletePushMirrorsByRepoID(repoID int64) error

+ func DeleteRedirect(ctx context.Context, ownerID int64, repoName string) error

+ func DeleteRepoArchiver(ctx context.Context, archiver *RepoArchiver) error

+ func ExistAttachmentsByUUID(uuid string) (bool, error)

+ func FindReposMapByIDs(repoIDs []int64, res map[int64]*Repository) error

+ func GenerateTopics(ctx context.Context, templateRepo, generateRepo *Repository) error

+ func GetPrivateRepositoryCount(u *user_model.User) (int64, error)

+ func GetPublicRepositoryCount(u *user_model.User) (int64, error)

+ func GetRepoWatchers(repoID int64, opts db.ListOptions) ([]*user_model.User, error)

+ func GetRepoWatchersIDs(ctx context.Context, repoID int64) ([]int64, error)

+ func GetRepositoriesMapByIDs(ids []int64) (map[int64]*Repository, error)

+ func GetRepositoryCount(ctx context.Context, ownerID int64) (int64, error)

+ func GetStargazers(repo *Repository, opts db.ListOptions) ([]*user_model.User, error)

+ func GetUnindexedRepos(indexerType RepoIndexerType, maxRepoID int64, page, pageSize int) ([]int64, error)

+ func GitConfigPath(repoPath string) string

+ func HasForkedRepo(ownerID, repoID int64) bool

+ func InsertMirror(mirror *Mirror) error

+ func InsertPushMirror(m *PushMirror) error

+ func IsErrAttachmentNotExist(err error) bool

+ func IsErrReachLimitOfRepo(err error) bool

+ func IsErrRedirectNotExist(err error) bool

+ func IsErrRepoAlreadyExist(err error) bool

+ func IsErrRepoFilesAlreadyExist(err error) bool

+ func IsErrRepoNotExist(err error) bool

+ func IsErrTopicNotExist(err error) bool

+ func IsErrUnitTypeNotExist(err error) bool

+ func IsRepositoryExist(u *user_model.User, repoName string) (bool, error)

+ func IsRepositoryExistCtx(ctx context.Context, u *user_model.User, repoName string) (bool, error)

+ func IsStaring(userID, repoID int64) bool

+ func IsUsableRepoName(name string) error

+ func IsWatchMode(mode WatchMode) bool

+ func IsWatching(userID, repoID int64) bool

+ func IterateAttachment(f func(attach *Attachment) error) error

+ func IterateRepository(f func(repo *Repository) error) error

+ func LookupRedirect(ownerID int64, repoName string) (int64, error)

+ func MirrorsIterate(f func(idx int, bean interface{}) error) error

+ func NewRedirect(ctx context.Context, ownerID, repoID int64, oldRepoName, newRepoName string) error

+ func PushMirrorsIterate(f func(idx int, bean interface{}) error) error

+ func RemoveTopicsFromRepo(ctx context.Context, repoID int64) error

+ func RepoPath(userName, repoName string) string

+ func SanitizeAndValidateTopics(topics []string) (validTopics, invalidTopics []string)

+ func SaveTopics(repoID int64, topicNames ...string) error

+ func SetArchiveRepoState(repo *Repository, isArchived bool) (err error)

+ func StarRepo(userID, repoID int64, star bool) error

+ func UpdateAttachment(atta *Attachment) error

+ func UpdateAttachmentByUUID(ctx context.Context, attach *Attachment, cols ...string) error

+ func UpdateAttachmentCtx(ctx context.Context, atta *Attachment) error

+ func UpdateDefaultBranch(repo *Repository) error

+ func UpdateIndexerStatus(repo *Repository, indexerType RepoIndexerType, sha string) error

+ func UpdateLanguageStats(repo *Repository, commitID string, stats map[string]int64) error

+ func UpdateMirror(m *Mirror) error

+ func UpdatePushMirror(m *PushMirror) error

+ func UpdateRepoArchiverStatus(ctx context.Context, archiver *RepoArchiver) error

+ func UpdateRepoUnit(unit *RepoUnit) error

+ func UpdateRepositoryCols(repo *Repository, cols ...string) error

+ func UpdateRepositoryColsCtx(ctx context.Context, repo *Repository, cols ...string) error

+ func UpdateRepositoryOwnerNames(ownerID int64, ownerName string) error

+ func UpdateRepositoryUnits(repo *Repository, units []RepoUnit, deleteUnitTypes []unit.Type) (err error)

+ func UpdateRepositoryUpdatedTime(repoID int64, updateTime time.Time) error

+ func ValidateTopic(topic string) bool

+ func WatchIfAuto(userID, repoID int64, isWrite bool) error

+ func WatchRepo(userID, repoID int64, watch bool) (err error)

+ func WatchRepoCtx(ctx context.Context, userID, repoID int64, doWatch bool) (err error)

+ func WatchRepoMode(userID, repoID int64, mode WatchMode) (err error)

+ func WikiPath(userName, repoName string) string

+ type ArchiverStatus int

+ type Attachment struct

+ CommentID int64

+ CreatedUnix timeutil.TimeStamp

+ DownloadCount int64

+ ID int64

+ IssueID int64

+ Name string

+ ReleaseID int64

+ RepoID int64

+ Size int64

+ UUID string

+ UploaderID int64

+ func GetAttachmentByID(id int64) (*Attachment, error)

+ func GetAttachmentByReleaseIDFileName(releaseID int64, fileName string) (*Attachment, error)

+ func GetAttachmentByUUID(uuid string) (*Attachment, error)

+ func GetAttachmentsByCommentID(commentID int64) ([]*Attachment, error)

+ func GetAttachmentsByCommentIDCtx(ctx context.Context, commentID int64) ([]*Attachment, error)

+ func GetAttachmentsByIssueID(issueID int64) ([]*Attachment, error)

+ func GetAttachmentsByIssueIDCtx(ctx context.Context, issueID int64) ([]*Attachment, error)

+ func GetAttachmentsByUUIDs(ctx context.Context, uuids []string) ([]*Attachment, error)

+ func (a *Attachment) DownloadURL() string

+ func (a *Attachment) IncreaseDownloadCount() error

+ func (a *Attachment) RelativePath() string

+ type CloneLink struct

+ Git string

+ HTTPS string

+ SSH string

+ type ErrAttachmentNotExist struct

+ ID int64

+ UUID string

+ func (err ErrAttachmentNotExist) Error() string

+ type ErrReachLimitOfRepo struct

+ Limit int

+ func (err ErrReachLimitOfRepo) Error() string

+ type ErrRedirectNotExist struct

+ OwnerID int64

+ RepoName string

+ func (err ErrRedirectNotExist) Error() string

+ type ErrRepoAlreadyExist struct

+ Name string

+ Uname string

+ func (err ErrRepoAlreadyExist) Error() string

+ type ErrRepoFilesAlreadyExist struct

+ Name string

+ Uname string

+ func (err ErrRepoFilesAlreadyExist) Error() string

+ type ErrRepoNotExist struct

+ ID int64

+ Name string

+ OwnerName string

+ UID int64

+ func (err ErrRepoNotExist) Error() string

+ type ErrTopicNotExist struct

+ Name string

+ func (err ErrTopicNotExist) Error() string

+ type ErrUnitTypeNotExist struct

+ UT unit.Type

+ func (err ErrUnitTypeNotExist) Error() string

+ type ExternalTrackerConfig struct

+ ExternalTrackerFormat string

+ ExternalTrackerStyle string

+ ExternalTrackerURL string

+ func (cfg *ExternalTrackerConfig) FromDB(bs []byte) error

+ func (cfg *ExternalTrackerConfig) ToDB() ([]byte, error)

+ type ExternalWikiConfig struct

+ ExternalWikiURL string

+ func (cfg *ExternalWikiConfig) FromDB(bs []byte) error

+ func (cfg *ExternalWikiConfig) ToDB() ([]byte, error)

+ type FindRepoArchiversOption struct

+ OlderThan time.Duration

+ type FindTopicOptions struct

+ Keyword string

+ RepoID int64

+ type IssuesConfig struct

+ AllowOnlyContributorsToTrackTime bool

+ EnableDependencies bool

+ EnableTimetracker bool

+ func (cfg *IssuesConfig) FromDB(bs []byte) error

+ func (cfg *IssuesConfig) ToDB() ([]byte, error)

+ type LanguageStat struct

+ Color string

+ CommitID string

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ IsPrimary bool

+ Language string

+ Percentage float32

+ RepoID int64

+ Size int64

+ type LanguageStatList []*LanguageStat

+ func GetLanguageStats(repo *Repository) (LanguageStatList, error)

+ func GetTopLanguageStats(repo *Repository, limit int) (LanguageStatList, error)

+ func (stats LanguageStatList) LoadAttributes()

+ type MergeStyle string

+ const MergeStyleManuallyMerged

+ const MergeStyleMerge

+ const MergeStyleRebase

+ const MergeStyleRebaseMerge

+ const MergeStyleRebaseUpdate

+ const MergeStyleSquash

+ type Mirror struct

+ Address string

+ EnablePrune bool

+ ID int64

+ Interval time.Duration

+ LFS bool

+ LFSEndpoint string

+ NextUpdateUnix timeutil.TimeStamp

+ Repo *Repository

+ RepoID int64

+ UpdatedUnix timeutil.TimeStamp

+ func GetMirrorByRepoID(repoID int64) (*Mirror, error)

+ func (m *Mirror) AfterLoad(session *xorm.Session)

+ func (m *Mirror) BeforeInsert()

+ func (m *Mirror) GetRemoteName() string

+ func (m *Mirror) GetRepository() *Repository

+ func (m *Mirror) ScheduleNextUpdate()

+ type MirrorRepositoryList []*Repository

+ func (repos MirrorRepositoryList) LoadAttributes() error

+ type PullRequestsConfig struct

+ AllowManualMerge bool

+ AllowMerge bool

+ AllowRebase bool

+ AllowRebaseMerge bool

+ AllowSquash bool

+ AutodetectManualMerge bool

+ DefaultDeleteBranchAfterMerge bool

+ DefaultMergeStyle MergeStyle

+ IgnoreWhitespaceConflicts bool

+ func (cfg *PullRequestsConfig) AllowedMergeStyleCount() int

+ func (cfg *PullRequestsConfig) FromDB(bs []byte) error

+ func (cfg *PullRequestsConfig) GetDefaultMergeStyle() MergeStyle

+ func (cfg *PullRequestsConfig) IsMergeStyleAllowed(mergeStyle MergeStyle) bool

+ func (cfg *PullRequestsConfig) ToDB() ([]byte, error)

+ type PushMirror struct

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ Interval time.Duration

+ LastError string

+ LastUpdateUnix timeutil.TimeStamp

+ RemoteName string

+ Repo *Repository

+ RepoID int64

+ func GetPushMirrorByID(ID int64) (*PushMirror, error)

+ func GetPushMirrorsByRepoID(repoID int64) ([]*PushMirror, error)

+ func (m *PushMirror) AfterLoad(session *xorm.Session)

+ func (m *PushMirror) GetRemoteName() string

+ func (m *PushMirror) GetRepository() *Repository

+ type Redirect struct

+ ID int64

+ LowerName string

+ OwnerID int64

+ RedirectRepoID int64

+ func (Redirect) TableName() string

+ type RemoteMirrorer interface

+ GetRemoteName func() string

+ GetRepository func() *Repository

+ type RepoArchiver struct

+ CommitID string

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ RepoID int64

+ Status ArchiverStatus

+ Type git.ArchiveType

+ func FindRepoArchives(opts FindRepoArchiversOption) ([]*RepoArchiver, error)

+ func GetRepoArchiver(ctx context.Context, repoID int64, tp git.ArchiveType, commitID string) (*RepoArchiver, error)

+ func (archiver *RepoArchiver) RelativePath() (string, error)

+ type RepoIndexerStatus struct

+ CommitSha string

+ ID int64

+ IndexerType RepoIndexerType

+ RepoID int64

+ func GetIndexerStatus(repo *Repository, indexerType RepoIndexerType) (*RepoIndexerStatus, error)

+ type RepoIndexerType int

+ const RepoIndexerTypeCode

+ const RepoIndexerTypeStats

+ type RepoTopic struct

+ RepoID int64

+ TopicID int64

+ type RepoUnit struct

+ Config convert.Conversion

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ RepoID int64

+ Type unit.Type

+ func (r *RepoUnit) BeforeSet(colName string, val xorm.Cell)

+ func (r *RepoUnit) CodeConfig() *UnitConfig

+ func (r *RepoUnit) ExternalTrackerConfig() *ExternalTrackerConfig

+ func (r *RepoUnit) ExternalWikiConfig() *ExternalWikiConfig

+ func (r *RepoUnit) IssuesConfig() *IssuesConfig

+ func (r *RepoUnit) PullRequestsConfig() *PullRequestsConfig

+ func (r *RepoUnit) ReleasesConfig() *UnitConfig

+ func (r *RepoUnit) Unit() unit.Unit

+ type Repository struct

+ Avatar string

+ BaseRepo *Repository

+ CloseIssuesViaCommitInAnyBranch bool

+ CodeIndexerStatus *RepoIndexerStatus

+ CreatedUnix timeutil.TimeStamp

+ DefaultBranch string

+ Description string

+ DocumentRenderingMetas map[string]string

+ ForkID int64

+ ID int64

+ IsArchived bool

+ IsEmpty bool

+ IsFork bool

+ IsFsckEnabled bool

+ IsMirror bool

+ IsPrivate bool

+ IsTemplate bool

+ LowerName string

+ Name string

+ NumClosedIssues int

+ NumClosedMilestones int

+ NumClosedProjects int

+ NumClosedPulls int

+ NumForks int

+ NumIssues int

+ NumMilestones int

+ NumOpenIssues int

+ NumOpenMilestones int

+ NumOpenProjects int

+ NumOpenPulls int

+ NumProjects int

+ NumPulls int

+ NumStars int

+ NumWatches int

+ OriginalServiceType api.GitServiceType

+ OriginalURL string

+ Owner *user_model.User

+ OwnerID int64

+ OwnerName string

+ PrimaryLanguage *LanguageStat

+ RenderingMetas map[string]string

+ Size int64

+ StatsIndexerStatus *RepoIndexerStatus

+ Status RepositoryStatus

+ TemplateID int64

+ Topics []string

+ TrustModel TrustModelType

+ Units []*RepoUnit

+ UpdatedUnix timeutil.TimeStamp

+ Website string

+ func GetForkedRepo(ownerID, repoID int64) *Repository

+ func GetForks(repo *Repository, listOptions db.ListOptions) ([]*Repository, error)

+ func GetRepositoriesByForkID(ctx context.Context, forkID int64) ([]*Repository, error)

+ func GetRepositoryByID(id int64) (*Repository, error)

+ func GetRepositoryByIDCtx(ctx context.Context, id int64) (*Repository, error)

+ func GetRepositoryByName(ownerID int64, name string) (*Repository, error)

+ func GetRepositoryByOwnerAndName(ownerName, repoName string) (*Repository, error)

+ func GetRepositoryByOwnerAndNameCtx(ctx context.Context, ownerName, repoName string) (*Repository, error)

+ func GetTemplateRepo(repo *Repository) (*Repository, error)

+ func GetUserFork(repoID, userID int64) (*Repository, error)

+ func GetUserMirrorRepositories(userID int64) ([]*Repository, error)

+ func (repo *Repository) APIURL() string

+ func (repo *Repository) AfterLoad()

+ func (repo *Repository) AllowOnlyContributorsToTrackTime() bool

+ func (repo *Repository) AllowsPulls() bool

+ func (repo *Repository) AvatarLink() string

+ func (repo *Repository) CanCreateBranch() bool

+ func (repo *Repository) CanEnableEditor() bool

+ func (repo *Repository) CanEnablePulls() bool

+ func (repo *Repository) CanEnableTimetracker() bool

+ func (repo *Repository) CloneLink() (cl *CloneLink)

+ func (repo *Repository) ColorFormat(s fmt.State)

+ func (repo *Repository) CommitLink(commitID string) (result string)

+ func (repo *Repository) ComposeCompareURL(oldCommitID, newCommitID string) string

+ func (repo *Repository) ComposeDocumentMetas() map[string]string

+ func (repo *Repository) ComposeMetas() map[string]string

+ func (repo *Repository) CustomAvatarRelativePath() string

+ func (repo *Repository) DescriptionHTML() template.HTML

+ func (repo *Repository) FullName() string

+ func (repo *Repository) GetBaseRepo() (err error)

+ func (repo *Repository) GetCommitsCountCacheKey(contextName string, isRef bool) string

+ func (repo *Repository) GetOriginalURLHostname() string

+ func (repo *Repository) GetOwner(ctx context.Context) (err error)

+ func (repo *Repository) GetTrustModel() TrustModelType

+ func (repo *Repository) GetUnit(tp unit.Type) (*RepoUnit, error)

+ func (repo *Repository) GetUnitCtx(ctx context.Context, tp unit.Type) (*RepoUnit, error)

+ func (repo *Repository) GitConfigPath() string

+ func (repo *Repository) HTMLURL() string

+ func (repo *Repository) HasWiki() bool

+ func (repo *Repository) IsBeingCreated() bool

+ func (repo *Repository) IsBeingMigrated() bool

+ func (repo *Repository) IsBroken() bool

+ func (repo *Repository) IsDependenciesEnabled() bool

+ func (repo *Repository) IsDependenciesEnabledCtx(ctx context.Context) bool

+ func (repo *Repository) IsGenerated() bool

+ func (repo *Repository) IsOwnedBy(userID int64) bool

+ func (repo *Repository) IsTimetrackerEnabled() bool

+ func (repo *Repository) IsTimetrackerEnabledCtx(ctx context.Context) bool

+ func (repo *Repository) Link() string

+ func (repo *Repository) LoadUnits(ctx context.Context) (err error)

+ func (repo *Repository) MustGetUnit(tp unit.Type) *RepoUnit

+ func (repo *Repository) MustOwner() *user_model.User

+ func (repo *Repository) RelAvatarLink() string

+ func (repo *Repository) RepoPath() string

+ func (repo *Repository) SanitizedOriginalURL() string

+ func (repo *Repository) TemplateRepo() *Repository

+ func (repo *Repository) UnitEnabled(tp unit.Type) bool

+ func (repo *Repository) WikiCloneLink() *CloneLink

+ func (repo *Repository) WikiPath() string

+ type RepositoryStatus int

+ const RepositoryBeingMigrated

+ const RepositoryBroken

+ const RepositoryPendingTransfer

+ const RepositoryReady

+ type Star struct

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ RepoID int64

+ UID int64

+ type Topic struct

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ Name string

+ RepoCount int

+ UpdatedUnix timeutil.TimeStamp

+ func AddTopic(repoID int64, topicName string) (*Topic, error)

+ func DeleteTopic(repoID int64, topicName string) (*Topic, error)

+ func FindTopics(opts *FindTopicOptions) ([]*Topic, int64, error)

+ func GetRepoTopicByName(repoID int64, topicName string) (*Topic, error)

+ func GetTopicByName(name string) (*Topic, error)

+ type TrustModelType int

+ const CollaboratorCommitterTrustModel

+ const CollaboratorTrustModel

+ const CommitterTrustModel

+ const DefaultTrustModel

+ func ToTrustModel(model string) TrustModelType

+ func (t TrustModelType) String() string

+ type UnitConfig struct

+ func (cfg *UnitConfig) FromDB(bs []byte) error

+ func (cfg *UnitConfig) ToDB() ([]byte, error)

+ type Watch struct

+ CreatedUnix timeutil.TimeStamp

+ ID int64

+ Mode WatchMode

+ RepoID int64

+ UpdatedUnix timeutil.TimeStamp

+ UserID int64

+ func GetWatch(ctx context.Context, userID, repoID int64) (Watch, error)

+ func GetWatchers(ctx context.Context, repoID int64) ([]*Watch, error)

+ type WatchMode int8

+ const WatchModeAuto

+ const WatchModeDont

+ const WatchModeNone

+ const WatchModeNormal

Jan 19, 2022 GO-2022-0442 +18 more

  GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

  GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

  GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

  GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

  GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

  GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

  GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

  GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

  GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

  GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

  GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

  GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

  GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

  GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

  GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

  GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

  GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

  GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

  GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea