Gogs.io/gogs

This hub aggregates every CVE we track for Gogs.io/gogs, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Gogs.io/gogs.

• CVE-2026-26276Gogs: DOM-based XSS via milestone selection7.3Mar 5, 2026
• CVE-2026-26196Gogs: Access tokens get exposed through URL params in API requests5.3Mar 5, 2026
• CVE-2026-26195Gogs: Stored XSS in branch and wiki views through author and committer names6.1Mar 5, 2026
• CVE-2026-26194Gogs: Release tag option injection in release deletion7.3Mar 5, 2026
• CVE-2026-25921Gogs: Cross-repository LFS object overwrite via missing content hash verification9.3Mar 5, 2026
• CVE-2026-26022Gogs: Stored XSS via data URI in issue comments8.7Mar 5, 2026
• CVE-2026-25229Gogs Authorization Bypass Allows Cross-Repository Label Modification6.5Feb 19, 2026
• CVE-2026-25242Gogs allows unauthenticated file uploads9.8Feb 19, 2026
• CVE-2026-25232Gogs has a Protected Branch Deletion Bypass in Web Interface8.8Feb 19, 2026
• CVE-2026-25120Gogs Allows Cross-Repository Comment Deletion via DeleteComment2.7Feb 19, 2026
• CVE-2026-24135Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update8.1Feb 6, 2026
• CVE-2026-23633Gogs has arbitrary file read/write via path traversal in Git hook editing6.5Feb 6, 2026
• CVE-2026-23632Gogs user can update repository content with read-only permission6.5Feb 6, 2026
• CVE-2026-22592Gogs is Vulnerable to Denial of Service6.5Feb 6, 2026
• CVE-2025-64175Gogs Vulnerable to 2FA Bypass via Recovery Code8.8Feb 6, 2026