pkg:Go/github.com/go-gitea/gitea

All known vulnerabilities

• CRITICAL9.8CVE-2020-28991Improper Access Control in Gitea
  >= 0.9.99, < 1.12.6
• CRITICAL9.8CVE-2022-42968Gitea vulnerable to Argument Injection in code.gitea.io/gitea
  from 0, < 1.17.3
• CRITICAL9.8CVE-2021-45327Capture-replay in Gitea in code.gitea.io/gitea
  from 0, < 1.11.2
• CRITICAL9.1Gitea: Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment Disclosure
  from 0, < 1.25.4
• CRITICAL9.1Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR)
  from 0, < 1.25.4
• CRITICAL9.1Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)
  from 0, < 1.25.4
• HIGH8.8Cross Site Request Forgery in Gitea in github.com/go-gitea/gitea
  from 0, < 1.5.2
• HIGH8.8Cross Site Request Forgery in Gitea in github.com/go-gitea/gitea
  from 0, < 1.5.2
• HIGH8.1Gitea Remote Code Execution in github.com/go-gitea/gitea
  from 0, < 1.7.6
• HIGH8.1Gitea Remote Code Execution in github.com/go-gitea/gitea
  from 0, < 1.7.6
• HIGH7.5Gitea Improper Input Validation in github.com/go-gitea/gitea
  from 0, < 1.7.6
• HIGH7.5Gitea Improper Input Validation in github.com/go-gitea/gitea
  from 0, < 1.7.6
• HIGH7.5Denial of Service in Gitea in code.gitea.io/gitea
  from 0, < 1.12.0
• HIGH7.0Buffer Overflow in gitea in code.gitea.io/gitea
  >= 1.9.0, < 1.13.2
• MEDIUM6.5Gitea: Broken access control in OpenID visibility toggle enables cross-user visibility changes
  from 0, < 1.25.4
• MEDIUM6.5Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure
  from 0, < 1.25.4
• MEDIUM6.5Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation
  from 0, < 1.25.4
• MEDIUM6.1Cross-site Scripting in Gitea in github.com/go-gitea/gitea
  from 0, < 1.5.1
• MEDIUM6.1Cross-site Scripting in Gitea in github.com/go-gitea/gitea
  from 0, < 1.5.1
• MEDIUM6.1Open redirect in Gitea in github.com/go-gitea/gitea
  from 0, < 1.4.3
• MEDIUM6.1Open redirect in Gitea in github.com/go-gitea/gitea
  from 0, < 1.4.3
• MEDIUM5.3Gitea Exposes Private Email Addresses in github.com/go-gitea/gitea
  from 0, < 1.5.1
• MEDIUM5.3Gitea Exposes Private Email Addresses in github.com/go-gitea/gitea
  from 0, < 1.5.1
• MEDIUM5.3Gitea displaying raw OpenID error in UI in github.com/go-gitea/gitea
  from 0, < 1.7.0
• MEDIUM5.3Gitea displaying raw OpenID error in UI in github.com/go-gitea/gitea
  from 0, < 1.7.0
• MEDIUM4.3Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)
  from 0, < 1.25.4