Known Vulnerabilities for products from Gitea
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gitea".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-58426 json | Not Provided | 2026-07-03 | 2026-07-06 | |
| CVE-2026-58370 json | Not Provided | 2026-06-30 | 2026-07-14 | |
| CVE-2026-58053 json | Not Provided | 2026-06-28 | 2026-06-30 | |
| CVE-2026-28744 json | Not Provided | 2026-07-03 | 2026-07-06 | |
| CVE-2026-28740 json | Not Provided | 2026-07-03 | 2026-07-07 | |
| CVE-2026-28737 json | Not Provided | 2026-07-03 | 2026-07-07 | |
| CVE-2026-28705 json | Not Provided | 2026-07-03 | 2026-07-07 | |
| CVE-2026-28699 json | Not Provided | 2026-07-03 | 2026-07-06 | |
| CVE-2026-27783 json | Not Provided | 2026-07-03 | 2026-07-06 | |
| CVE-2026-27780 json | Not Provided | 2026-07-03 | 2026-07-06 | |
| CVE-2026-20912 json | Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a priva... | Not Provided | 2026-01-22 | 2026-07-15 |
| CVE-2026-20897 json | Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository... | Not Provided | 2026-01-22 | 2026-07-15 |
| CVE-2026-20750 json | Gitea does not properly validate project ownership in organization project operations. A user with project write access in on... | Not Provided | 2026-01-22 | 2026-07-15 |
| CVE-2026-20736 json | Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to ... | Not Provided | 2026-01-22 | 2026-07-15 |
| CVE-2023-3515 json | Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. | 4.4 - MEDIUM | 2023-07-05 | 2023-07-11 |
| CVE-2022-46685 json | In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials mas... | 4.3 - MEDIUM | 2022-12-12 | 2022-12-12 |
| CVE-2022-42968 json | Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. | 9.8 - CRITICAL | 2022-10-16 | 2022-12-03 |
| CVE-2022-38795 json | In Gitea through 1.17.1, repo cloning can occur in the migration function. | 6.5 - MEDIUM | 2023-08-07 | 2023-08-09 |
| CVE-2022-38183 json | In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an att... | 6.5 - MEDIUM | 2022-08-12 | 2023-08-08 |
| CVE-2022-30781 json | Gitea before 1.16.7 does not escape git fetch remote. | 7.5 - HIGH | 2022-05-16 | 2023-01-27 |
Known software with vulnerabilities from Gitea
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gitea | Gitea | 0.9.99 |