Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gogs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46657
Jenkins Gogs Plugin 1.0.15 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token.
Jenkins Gogs
NA
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and previous versions provides unauthenticated attackers information about the existence of jobs in its output.
Jenkins Gogs
NA
CVE-2023-40349
Jenkins Gogs Plugin 1.0.15 and previous versions improperly initializes an option to secure its webhook endpoint, allowing unauthenticated malicious users to trigger builds of jobs.
Jenkins Gogs
NA
CVE-2022-2024
OS Command Injection in GitHub repository gogs/gogs before 0.12.11.
Gogs Gogs
NA
CVE-2022-32174
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
Gogs Gogs
668
VMScore
CVE-2022-1986
OS Command Injection in GitHub repository gogs/gogs before 0.12.9.
Gogs Gogs
570
VMScore
CVE-2022-1992
Path Traversal in GitHub repository gogs/gogs before 0.12.9.
Gogs Gogs
490
VMScore
CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs before 0.12.9.
Gogs Gogs
312
VMScore
CVE-2022-31038
Gogs is an open source self-hosted Git service. In versions of gogs before 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which saniti...
Gogs Gogs
578
VMScore
CVE-2021-32546
Missing input validation in internal/db/repo_editor.go in Gogs prior to 0.12.8 allows an malicious user to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that...
Gogs Gogs
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »