Vulmon
gitea gitea vulnerabilities and exploits
7.5
CVSSv3
CVE-2021-45325
Server Side Request Forgery (SSRF) vulnerability exists in Gitea prior to 1.7.0 using the OpenID URL.
Gitea Gitea
9.8
CVSSv3
CVE-2021-45327
Gitea prior to 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code.
Gitea Gitea
6.1
CVSSv3
CVE-2021-45329
Cross Site Scripting (XSS) vulnerability exists in Gitea prior to 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
Gitea Gitea
4.4
CVSSv3
CVE-2023-3515
Open Redirect in GitHub repository go-gitea/gitea before 1.19.4.
Gitea Gitea
7.5
CVSSv3
CVE-2022-30781
Gitea prior to 1.16.7 does not escape git fetch remote.
Gitea Gitea
2 Github repositories
9.8
CVSSv3
CVE-2022-42968
Gitea prior to 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
Gitea Gitea
5.4
CVSSv3
CVE-2021-28378
Gitea 1.12.x and 1.13.x prior to 1.13.4 allows XSS via certain issue data in some situations.
Gitea Gitea
1 Github repository
7.5
CVSSv3
CVE-2021-3382
Stack buffer overflow vulnerability in gitea 1.9.0 up to and including 1.13.1 allows remote malicious users to cause a denial of service (crash) via vectors related to a file path.
Gitea Gitea
9.8
CVSSv3
CVE-2020-28991
Gitea 0.9.99 up to and including 1.12.x prior to 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
Gitea Gitea
5.3
CVSSv3
CVE-2021-29134
The avatar middleware in Gitea prior to 1.13.6 allows Directory Traversal via a crafted URL.
Gitea Gitea