gitea gitea vulnerabilities and exploits
CVE-2022-38795 (score: NA)
In Gitea up to and including 1.17.1, repo cloning can occur in the migration function.
Gitea Gitea
CVE-2020-14144 (CVSSv2: 6.5)
The git hook feature in Gitea 1.1.0 up to and including 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately a...
Gitea Gitea
3 Github repositories
CVE-2021-28378 (CVSSv2: 3.5)
Gitea 1.12.x and 1.13.x prior to 1.13.4 allows XSS via certain issue data in some situations.
Gitea Gitea
1 Github repository
CVE-2021-29134 (CVSSv2: 5)
The avatar middleware in Gitea prior to 1.13.6 allows Directory Traversal via a crafted URL.
Gitea Gitea
CVE-2020-28991 (CVSSv2: 7.5)
Gitea 0.9.99 up to and including 1.12.x prior to 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
Gitea Gitea
CVE-2022-0905 (CVSSv2: 5.5)
Missing Authorization in GitHub repository go-gitea/gitea before 1.16.4.
Gitea Gitea
CVE-2022-1058 (CVSSv2: 5.8)
Open Redirect on login in GitHub repository go-gitea/gitea before 1.16.5.
Gitea Gitea
CVE-2019-1000002 (CVSSv2: 5.5)
Gitea version 1.6.2 and previous versions contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must g...
Gitea Gitea
CVE-2021-3382 (CVSSv2: 5)
Stack buffer overflow vulnerability in gitea 1.9.0 up to and including 1.13.1 allows remote malicious users to cause a denial of service (crash) via vectors related to a file path.
Gitea Gitea
CVE-2018-1000803 (CVSSv2: 5)
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users' private email addresses. This attack appears to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if the...
Gitea Gitea