Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

repo

package

Go to main page

Versions in this module

v1

v1.15.0-dev

Mar 19, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.7

Sep 2, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.6

Aug 5, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.5

Jul 16, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.4

Jul 6, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.3

Jun 18, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.2

May 9, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.1

Apr 16, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.0

Apr 11, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func DeleteTag(ctx *context.Context)

+ func DeleteTime(c *context.Context)

+ func DismissReview(ctx *context.Context)

+ func EditProjectBoard(ctx *context.Context)

+ func GetActiveStopwatch(c *context.Context)

+ func GetIdxFile(ctx *context.Context)

+ func GetInfoPacks(ctx *context.Context)

+ func GetInfoRefs(ctx *context.Context)

+ func GetLooseObject(ctx *context.Context)

+ func GetPackFile(ctx *context.Context)

+ func GetTextFile(p string) func(*context.Context)

+ func InitiateDownload(ctx *context.Context)

+ func RenderNewCodeCommentForm(ctx *context.Context)

+ func ServiceReceivePack(ctx *context.Context)

+ func ServiceUploadPack(ctx *context.Context)

+ func SetDefaultProjectBoard(ctx *context.Context)

+ func TagsList(ctx *context.Context)

+ type StopwatchTmplInfo struct

+ IssueIndex int64

+ RepoSlug string

+ Seconds int64

v1.14.0-rc2

Mar 23, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.0-rc1

Mar 20, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.14.0-dev

Oct 14, 2020 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.7

Apr 7, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.6

Mar 23, 2021 GO-2022-0442 +19 more

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.5

Mar 21, 2021 GO-2022-0353 +20 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.4

Mar 7, 2021 GO-2022-0353 +20 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.3

Mar 4, 2021 GO-2022-0353 +21 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.2

Feb 1, 2021 GO-2022-0353 +21 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.1

Dec 28, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.0

Dec 2, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func AddBoardToProjectPost(ctx *context.Context, form auth.EditProjectBoardTitleForm)

+ func ChangeMilestoneStatus(ctx *context.Context)

+ func ChangeProjectStatus(ctx *context.Context)

+ func CreateProject(ctx *context.Context)

+ func CreateProjectPost(ctx *context.Context, form auth.UserCreateProjectForm)

+ func DeleteProject(ctx *context.Context)

+ func DeleteProjectBoard(ctx *context.Context)

+ func EditProject(ctx *context.Context)

+ func EditProjectBoardTitle(ctx *context.Context, form auth.EditProjectBoardTitleForm)

+ func EditProjectPost(ctx *context.Context, form auth.CreateProjectForm)

+ func MoveIssueAcrossBoards(ctx *context.Context)

+ func MustEnableProjects(ctx *context.Context)

+ func NewIssueChooseTemplate(ctx *context.Context)

+ func NewProject(ctx *context.Context)

+ func NewProjectPost(ctx *context.Context, form auth.CreateProjectForm)

+ func Projects(ctx *context.Context)

+ func UpdateIssueProject(ctx *context.Context)

+ func UpdateIssueRef(ctx *context.Context)

+ func UploadReleaseAttachment(ctx *context.Context)

+ func ViewProject(ctx *context.Context)

v1.13.0-rc2

Nov 10, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.0-rc1

Oct 14, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.13.0-dev

May 17, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.6

Nov 16, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.5

Oct 1, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.4

Sep 3, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.3

Jul 28, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.2

Jul 11, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.1

Jun 21, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.0

Jun 18, 2020 GO-2022-0353 +22 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func FeishuHooksEditPost(ctx *context.Context, form auth.NewFeishuHookForm)

+ func FeishuHooksNewPost(ctx *context.Context, form auth.NewFeishuHookForm)

+ func GetEditorConfig(ctx *context.Context, treePath string) string

+ func GiteaHooksNewPost(ctx *context.Context, form auth.NewWebhookForm)

+ func LatestRelease(ctx *context.Context)

+ func MatrixHooksEditPost(ctx *context.Context, form auth.NewMatrixHookForm)

+ func MatrixHooksNewPost(ctx *context.Context, form auth.NewMatrixHookForm)

+ func RetrieveRepoReviewers(ctx *context.Context, repo *models.Repository, issuePosterID int64)

+ func SingleRelease(ctx *context.Context)

+ func UpdatePullRequest(ctx *context.Context)

+ func UpdatePullReviewRequest(ctx *context.Context)

+ func UpdateResolveConversation(ctx *context.Context)

v1.12.0-rc2

Jun 8, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.0-rc1

May 18, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.12.0-dev

Jan 8, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.8

Jun 21, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.7

Jun 18, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.6

May 30, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.5

May 9, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.4

Apr 1, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.3

Mar 10, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.2

Mar 6, 2020 GO-2022-0353 +23 more

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.1

Feb 16, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.0

Feb 10, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func DeleteAttachment(ctx *context.Context)

+ func DownloadPullDiffOrPatch(ctx *context.Context, patch bool)

+ func ExcerptBlob(ctx *context.Context)

+ func GetAttachment(ctx *context.Context)

+ func GetCommentAttachments(ctx *context.Context)

+ func GetIssueAttachments(ctx *context.Context)

+ func LFSAutoAssociate(ctx *context.Context)

+ func LFSDelete(ctx *context.Context)

+ func LFSFileFind(ctx *context.Context)

+ func LFSFileGet(ctx *context.Context)

+ func LFSFiles(ctx *context.Context)

+ func LFSLockFile(ctx *context.Context)

+ func LFSLocks(ctx *context.Context)

+ func LFSPointerFiles(ctx *context.Context)

+ func LFSUnlock(ctx *context.Context)

+ func UpdatePullRequestTarget(ctx *context.Context)

type Branch

+ IsIncluded bool

v1.11.0-rc2

Jan 22, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.0-rc1

Jan 8, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.11.0-dev

Oct 14, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.10.6

Mar 10, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.10.5

Mar 6, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.10.4

Feb 16, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.10.3

Jan 17, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

type Branch

+ MergeMovedOn bool

v1.10.2

Jan 2, 2020 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.10.1

Dec 5, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.10.0

Nov 14, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func AddTeamPost(ctx *context.Context)

+ func DeleteTeam(ctx *context.Context)

+ func Status(ctx *context.Context)

+ func WikiRevision(ctx *context.Context)

v1.10.0-rc2

Oct 30, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.10.0-rc1

Oct 14, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.10.0-dev

Jul 6, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.6

Nov 13, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.5

Oct 30, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.4

Oct 8, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.3

Sep 7, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.2

Aug 22, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.1

Aug 14, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.0

Jul 31, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func ActivityAuthors(ctx *context.Context)

+ func GetClosestParentWithFiles(treePath string, commit *git.Commit) string

+ func GetUniquePatchBranchName(ctx *context.Context) string

+ func MSTeamsHooksEditPost(ctx *context.Context, form auth.NewMSTeamsHookForm)

+ func MSTeamsHooksNewPost(ctx *context.Context, form auth.NewMSTeamsHookForm)

+ func RefBlame(ctx *context.Context)

+ func SettingsAvatar(ctx *context.Context, form auth.AvatarForm)

+ func SettingsDeleteAvatar(ctx *context.Context)

+ func TelegramHooksEditPost(ctx *context.Context, form auth.NewTelegramHookForm)

+ func TelegramHooksNewPost(ctx *context.Context, form auth.NewTelegramHookForm)

+ func UpdateAvatarSetting(ctx *context.Context, form auth.AvatarForm) error

type Branch

+ CommitsAhead int

+ CommitsBehind int

+ LatestPullRequest *models.PullRequest

v1.9.0-rc2

Jul 15, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.0-rc1

Jul 6, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.9.0-dev

Mar 19, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.8.3

Jun 17, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.8.2

May 29, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.8.1

May 8, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.8.0

Apr 20, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func DownloadByIDOrLFS(ctx *context.Context)

+ func LockIssue(ctx *context.Context, form auth.IssueLockForm)

+ func MustAllowUserComment(ctx *context.Context)

+ func MustBeNotEmpty(ctx *context.Context)

+ func RedirectDownload(ctx *context.Context)

+ func ServeBlobOrLFS(ctx *context.Context, blob *git.Blob) error

+ func SingleDownloadOrLFS(ctx *context.Context)

+ func UnlockIssue(ctx *context.Context)

v1.8.0-rc3

Apr 13, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.8.0-rc2

Mar 27, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.8.0-rc1

Mar 19, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.6

Apr 13, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.5

Mar 27, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.4

Mar 13, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.3

Feb 27, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.2

Feb 15, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.1

Jan 31, 2019 GO-2022-0310 +23 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.0

Jan 22, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func DownloadByID(ctx *context.Context)

+ func MilestoneIssuesAndPulls(ctx *context.Context)

v1.7.0-rc3

Jan 18, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.0-rc2

Jan 4, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.0-rc1

Jan 3, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.7.0-dev

Jan 3, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.6.4

Jan 16, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.6.3

Jan 4, 2019 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.6.2

Dec 21, 2018 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.6.1

Dec 9, 2018 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.6.0

Nov 23, 2018 GO-2022-0310 +24 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func AddDependency(ctx *context.Context)

+ func CreateCodeComment(ctx *context.Context, form auth.CodeCommentForm)

+ func RemoveDependency(ctx *context.Context)

+ func SetWhitespaceBehavior(ctx *context.Context)

+ func SubmitReview(ctx *context.Context, form auth.SubmitReviewForm)

v1.6.0-rc2

Nov 4, 2018 GO-2022-0310 +25 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.6.0-rc1

Oct 17, 2018 GO-2022-0310 +25 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.6.0-dev

Oct 17, 2018 GO-2022-0310 +25 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.5.3

Oct 31, 2018 GO-2022-0310 +25 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.5.2

Oct 9, 2018 GO-2022-0310 +25 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.5.1

Sep 3, 2018 GO-2022-0310 +26 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.5.0

Aug 10, 2018 GO-2022-0310 +26 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func RemoveDeadline(ctx *context.Context)

+ func TopicsPost(ctx *context.Context)

+ func UpdateDeadline(ctx *context.Context, form auth.DeadlineForm)

v1.5.0-rc2

Jul 21, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.5.0-rc1

Jul 3, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.5.0-dev

Jul 3, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.4.3

Jun 26, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.4.2

Jun 4, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.4.1

May 3, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.4.0

Mar 25, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func ChangeCommentReaction(ctx *context.Context, form auth.ReactionForm)

+ func ChangeIssueReaction(ctx *context.Context, form auth.ReactionForm)

+ func DingtalkHooksEditPost(ctx *context.Context, form auth.NewDingtalkHookForm)

+ func DingtalkHooksNewPost(ctx *context.Context, form auth.NewDingtalkHookForm)

+ func DownloadPullDiff(ctx *context.Context)

+ func DownloadPullPatch(ctx *context.Context)

type PageMeta

+ SubURL string

+ UpdatedUnix util.TimeStamp

v1.4.0-rc3

Mar 16, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.4.0-rc2

Mar 2, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.4.0-rc1

Feb 1, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.3.3

Feb 19, 2018 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.3.2

Dec 14, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.3.1

Dec 9, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.3.0

Nov 29, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func Activity(ctx *context.Context)

+ func AddTimeManually(c *context.Context, form auth.AddTimeManuallyForm)

+ func CancelStopwatch(c *context.Context)

+ func CreateBranch(ctx *context.Context, form auth.NewBranchForm)

+ func DiscordHooksEditPost(ctx *context.Context, form auth.NewDiscordHookForm)

+ func DiscordHooksNewPost(ctx *context.Context, form auth.NewDiscordHookForm)

+ func GetActionIssue(ctx *context.Context) *models.Issue

+ func IssueStopwatch(c *context.Context)

+ func MustBeAbleToUpload(ctx *context.Context)

+ func MustBeEditable(ctx *context.Context)

+ func RestoreBranchPost(ctx *context.Context)

+ func Search(ctx *context.Context)

+ func SettingsProtectedBranch(c *context.Context)

+ func SettingsProtectedBranchPost(ctx *context.Context, f auth.ProtectBranchForm)

+ type Branch struct

+ Commit *git.Commit

+ DeletedBranch *models.DeletedBranch

+ IsDeleted bool

+ IsProtected bool

+ Name string

v1.3.0-rc2

Nov 27, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.3.0-rc1

Nov 15, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.2.3

Nov 3, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.2.2

Oct 26, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.2.1

Oct 16, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.2.0

Oct 12, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func CleanUpPullRequest(ctx *context.Context)

+ func GogsHooksEditPost(ctx *context.Context, form auth.NewGogshookForm)

+ func GogsHooksNewPost(ctx *context.Context, form auth.NewGogshookForm)

+ func IssueWatch(c *context.Context)

+ func UpdateIssueStatus(ctx *context.Context)

v1.2.0-rc3

Sep 23, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.2.0-rc2

Sep 6, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.2.0-rc1

Aug 25, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.1.4

Sep 4, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.1.3

Aug 6, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.1.2

May 29, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.1.1

May 4, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.1.0

Mar 9, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func ChangeProtectedBranch(ctx *context.Context)

+ func DeleteBranchPost(ctx *context.Context)

+ func DeleteProtectedBranch(ctx *context.Context)

+ func Graph(ctx *context.Context)

+ func ProtectedBranch(ctx *context.Context)

+ func ProtectedBranchPost(ctx *context.Context)

+ func UploadAttachment(ctx *context.Context)

+ func WikiRaw(ctx *context.Context)

v1.0.2

Feb 21, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.0.1

Jan 5, 2017 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

v1.0.0

Dec 23, 2016 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ func SetDiffViewStyle(ctx *context.Context)

+ func SetEditorconfigIfExists(ctx *context.Context)

v0

v0.9.99

Oct 17, 2016 GO-2022-0310 +27 more

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0315: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-0844: Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

GO-2022-0982: Improper Privilege Management in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1922: Gitea XSS Vulnerability in code.gitea.io/gitea

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4262: Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4265: Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ const BRANCH

+ const COLLABORATION

+ const COMMITS

+ const COMPARE_PULL

+ const CREATE

+ const DELETE_FILE

+ const DEPLOY_KEYS

+ const DIFF

+ const EDIT_DIFF_PREVIEW

+ const EDIT_FILE

+ const FORK

+ const FORKS

+ const GITHOOKS

+ const GITHOOK_EDIT

+ const HOME

+ const HOOKS

+ const HOOK_NEW

+ const ISSUES

+ const ISSUE_NEW

+ const ISSUE_TEMPLATE_KEY

+ const ISSUE_VIEW

+ const LABELS

+ const MIGRATE

+ const MILESTONE

+ const MILESTONE_EDIT

+ const MILESTONE_NEW

+ const ORG_HOOK_NEW

+ const PULL_COMMITS

+ const PULL_FILES

+ const PULL_REQUEST_TEMPLATE_KEY

+ const RELEASES

+ const RELEASE_NEW

+ const SETTINGS_OPTIONS

+ const UPLOAD_FILE

+ const WATCHERS

+ const WIKI_NEW

+ const WIKI_PAGES

+ const WIKI_START

+ const WIKI_VIEW

+ var ErrFileTypeForbidden = errors.New("File type is not allowed")

+ var ErrTooManyFiles = errors.New("Maximum number of files to upload exceeded")

+ var IssueTemplateCandidates = []string

+ var PullRequestTemplateCandidates = []string

+ func Action(ctx *context.Context)

+ func Branches(ctx *context.Context)

+ func ChangeCollaborationAccessMode(ctx *context.Context)

+ func ChangeMilestonStatus(ctx *context.Context)

+ func Collaboration(ctx *context.Context)

+ func CollaborationPost(ctx *context.Context)

+ func Commits(ctx *context.Context)

+ func CompareAndPullRequest(ctx *context.Context)

+ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)

+ func CompareDiff(ctx *context.Context)

+ func Create(ctx *context.Context)

+ func CreatePost(ctx *context.Context, form auth.CreateRepoForm)

+ func DeleteCollaboration(ctx *context.Context)

+ func DeleteComment(ctx *context.Context)

+ func DeleteDeployKey(ctx *context.Context)

+ func DeleteFile(ctx *context.Context)

+ func DeleteFilePost(ctx *context.Context, form auth.DeleteRepoFileForm)

+ func DeleteLabel(ctx *context.Context)

+ func DeleteMilestone(ctx *context.Context)

+ func DeleteRelease(ctx *context.Context)

+ func DeleteWebhook(ctx *context.Context)

+ func DeleteWikiPagePost(ctx *context.Context)

+ func DeployKeys(ctx *context.Context)

+ func DeployKeysPost(ctx *context.Context, form auth.AddSSHKeyForm)

+ func Diff(ctx *context.Context)

+ func DiffPreviewPost(ctx *context.Context, form auth.EditPreviewDiffForm)

+ func Download(ctx *context.Context)

+ func EditFile(ctx *context.Context)

+ func EditFilePost(ctx *context.Context, form auth.EditRepoFileForm)

+ func EditMilestone(ctx *context.Context)

+ func EditMilestonePost(ctx *context.Context, form auth.CreateMilestoneForm)

+ func EditRelease(ctx *context.Context)

+ func EditReleasePost(ctx *context.Context, form auth.EditReleaseForm)

+ func EditWiki(ctx *context.Context)

+ func EditWikiPost(ctx *context.Context, form auth.NewWikiForm)

+ func FileHistory(ctx *context.Context)

+ func Fork(ctx *context.Context)

+ func ForkPost(ctx *context.Context, form auth.CreateRepoForm)

+ func Forks(ctx *context.Context)

+ func GitHooks(ctx *context.Context)

+ func GitHooksEdit(ctx *context.Context)

+ func GitHooksEditPost(ctx *context.Context)

+ func HTTP(ctx *context.Context)

+ func HTTPBackend(ctx *context.Context, cfg *serviceConfig) http.HandlerFunc

+ func Home(ctx *context.Context)

+ func InitializeLabels(ctx *context.Context, form auth.InitializeLabelsForm)

+ func Issues(ctx *context.Context)

+ func Labels(ctx *context.Context)

+ func MergePullRequest(ctx *context.Context)

+ func Migrate(ctx *context.Context)

+ func MigratePost(ctx *context.Context, form auth.MigrateRepoForm)

+ func Milestones(ctx *context.Context)

+ func MustAllowPulls(ctx *context.Context)

+ func MustBeNotBare(ctx *context.Context)

+ func MustEnableIssues(ctx *context.Context)

+ func MustEnableWiki(ctx *context.Context)

+ func NewComment(ctx *context.Context, form auth.CreateCommentForm)

+ func NewFile(ctx *context.Context)

+ func NewFilePost(ctx *context.Context, form auth.EditRepoFileForm)

+ func NewIssue(ctx *context.Context)

+ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm)

+ func NewLabel(ctx *context.Context, form auth.CreateLabelForm)

+ func NewMilestone(ctx *context.Context)

+ func NewMilestonePost(ctx *context.Context, form auth.CreateMilestoneForm)

+ func NewRelease(ctx *context.Context)

+ func NewReleasePost(ctx *context.Context, form auth.NewReleaseForm)

+ func NewWiki(ctx *context.Context)

+ func NewWikiPost(ctx *context.Context, form auth.NewWikiForm)

+ func ParseCompareInfo(ctx *context.Context) (*models.User, *models.Repository, *git.Repository, *git.PullRequestInfo, ...)

+ func ParseHookEvent(form auth.WebhookForm) *models.HookEvent

+ func PrepareCompareDiff(ctx *context.Context, headUser *models.User, headRepo *models.Repository, ...) bool

+ func PrepareMergedViewPullInfo(ctx *context.Context, issue *models.Issue)

+ func PrepareViewPullInfo(ctx *context.Context, issue *models.Issue) *git.PullRequestInfo

+ func RawDiff(ctx *context.Context)

+ func RefCommits(ctx *context.Context)

+ func Releases(ctx *context.Context)

+ func RemoveUploadFileFromServer(ctx *context.Context, form auth.RemoveUploadFileForm)

+ func RenderIssueLinks(oldCommits *list.List, repoLink string) *list.List

+ func RenderUserCards(ctx *context.Context, total int, getter func(page int) ([]*models.User, error), ...)

+ func RetrieveLabels(ctx *context.Context)

+ func RetrieveRepoMetas(ctx *context.Context, repo *models.Repository) []*models.Label

+ func RetrieveRepoMilestonesAndAssignees(ctx *context.Context, repo *models.Repository)

+ func SearchCommits(ctx *context.Context)

+ func ServeBlob(ctx *context.Context, blob *git.Blob) error

+ func ServeData(ctx *context.Context, name string, reader io.Reader) error

+ func Settings(ctx *context.Context)

+ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm)

+ func SingleDownload(ctx *context.Context)

+ func SlackHooksEditPost(ctx *context.Context, form auth.NewSlackHookForm)

+ func SlackHooksNewPost(ctx *context.Context, form auth.NewSlackHookForm)

+ func Stars(ctx *context.Context)

+ func TestWebhook(ctx *context.Context)

+ func TriggerTask(ctx *context.Context)

+ func UpdateCommentContent(ctx *context.Context)

+ func UpdateIssueAssignee(ctx *context.Context)

+ func UpdateIssueContent(ctx *context.Context)

+ func UpdateIssueLabel(ctx *context.Context)

+ func UpdateIssueMilestone(ctx *context.Context)

+ func UpdateIssueTitle(ctx *context.Context)

+ func UpdateLabel(ctx *context.Context, form auth.CreateLabelForm)

+ func UploadFile(ctx *context.Context)

+ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm)

+ func UploadFileToServer(ctx *context.Context)

+ func UploadIssueAttachment(ctx *context.Context)

+ func ValidateRepoMetas(ctx *context.Context, form auth.CreateIssueForm) ([]int64, int64, int64)

+ func ViewIssue(ctx *context.Context)

+ func ViewPullCommits(ctx *context.Context)

+ func ViewPullFiles(ctx *context.Context)

+ func Watchers(ctx *context.Context)

+ func WebHooksEdit(ctx *context.Context)

+ func WebHooksEditPost(ctx *context.Context, form auth.NewWebhookForm)

+ func WebHooksNewPost(ctx *context.Context, form auth.NewWebhookForm)

+ func Webhooks(ctx *context.Context)

+ func WebhooksNew(ctx *context.Context)

+ func Wiki(ctx *context.Context)

+ func WikiPages(ctx *context.Context)

+ type OrgRepoCtx struct

+ Link string

+ NewTemplate base.TplName

+ OrgID int64

+ RepoID int64

+ type PageMeta struct

+ Name string

+ URL string

+ Updated time.Time