Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitea gitea vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-11228
repo/setting.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.
Gitea Gitea 1.8.0
Gitea Gitea
8.8
CVSSv3
CVE-2019-11229
models/repo_mirror.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
Gitea Gitea 1.8.0
Gitea Gitea
6.1
CVSSv3
CVE-2019-1010314
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected r...
Gitea Gitea 1.7.3
Gitea Gitea 1.7.2
8.6
CVSSv3
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea up to and including 1.5.0-rc2 and Gogs up to and including 0.11.53 allows remote malicious users to access intranet services.
Gogs Gogs
Gitea Gitea 1.5.0
Gitea Gitea
7.5
CVSSv3
CVE-2021-45325
Server Side Request Forgery (SSRF) vulneraility exists in Gitea prior to 1.7.0 using the OpenID URL.
Gitea Gitea
8.8
CVSSv3
CVE-2021-45326
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea prior to 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.
Gitea Gitea
9.8
CVSSv3
CVE-2021-45327
Gitea prior to 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
Gitea Gitea
6.1
CVSSv3
CVE-2021-45328
Gitea prior to 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
Gitea Gitea
6.1
CVSSv3
CVE-2021-45329
Cross Site Scripting (XSS) vulnerability exists in Gitea prior to 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
Gitea Gitea
9.8
CVSSv3
CVE-2021-45330
An issue exsits in Gitea up to and including 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.
Gitea Gitea
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »