Server Side Request Forgery (SSRF) vulneraility exists in Gitea prior to 1.7.0 using the OpenID URL.
gitea gitea