pkg:Bitnami/gitea

42 CVEs in total: CRITICAL 8, HIGH 9, MEDIUM 22, LOW 3

All known vulnerabilities

  • CRITICAL 9.8 | CVE-2020-28991 | Improper Access Control in Gitea
    >= 0.9.99, < 1.12.6
  • CRITICAL 9.8 | CVE-2022-42968 | Gitea vulnerable to Argument Injection in code.gitea.io/gitea
    from 0, < 1.17.3
  • CRITICAL 9.8 | CVE-2021-45331 | Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea
    from 0, < 1.5.0
  • CRITICAL 9.8 | CVE-2021-45330 | Improper Privilege Management in Gitea in code.gitea.io/gitea
    from 0, < 1.15.8
  • CRITICAL 9.8 | CVE-2021-45327 | Capture-replay in Gitea in code.gitea.io/gitea
    from 0, < 1.11.2
  • CRITICAL 9.1 | CVE-2026-20912 | Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea
    from 0, < 1.25.4
  • CRITICAL 9.1 | CVE-2026-20897 | Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea
    from 0, < 1.25.4
  • CRITICAL 9.1 | CVE-2026-20750 | Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea
    from 0, < 1.25.4
  • HIGH 8.8 | CVE-2021-45326 | Cross Site Request Forgery in Gitea in github.com/go-gitea/gitea
    from 0, < 1.5.2
  • HIGH 8.2 | CVE-2025-68939 | Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
    from 0, < 1.23.0
  • HIGH 7.5 | CVE-2026-20736 | Gitea has improper access control for uploaded attachments in code.gitea.io/gitea
    from 0, < 1.25.4
  • HIGH 7.5 | CVE-2022-30781 | Shell command injection in gitea in code.gitea.io/gitea
    from 0, < 1.16.7
  • HIGH 7.5 | CVE-2022-27313 | Arbitrary file deletion in gitea in code.gitea.io/gitea
    >= 1.16.3, < 1.16.4
  • HIGH 7.5 | CVE-2020-13246 | Denial of Service in Gitea in code.gitea.io/gitea
    from 0, < 1.11.6
  • HIGH 7.2 | CVE-2020-14144 | Arbitrary Code Execution in Gitea
    >= 1.1.0, < 1.12.6
  • HIGH 7.1 | CVE-2022-0905 | Gitea Missing Authorization vulnerability in code.gitea.io/gitea
    from 0, < 1.16.4
  • HIGH 7.0 | CVE-2021-3382 | Buffer Overflow in gitea in code.gitea.io/gitea
    >= 1.9.0, < 1.13.2
  • MEDIUM 6.5 | CVE-2026-20904 | Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea
    from 0, < 1.25.4
  • MEDIUM 6.5 | CVE-2026-20883 | Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea
    from 0, < 1.25.4
  • MEDIUM 6.5 | CVE-2026-20800 | Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea
    from 0, < 1.25.4
  • MEDIUM 6.5 | CVE-2022-38795 | Gitea erroneous repo clones in code.gitea.io/gitea
    from 0, < 1.17.2
  • MEDIUM 6.5 | CVE-2022-38183 | Gitea allowed assignment of private issues in code.gitea.io/gitea
    from 0, < 1.16.9
  • MEDIUM 6.1 | CVE-2022-1058 | Gitea Open Redirect in code.gitea.io/gitea
    from 0, < 1.16.5
  • MEDIUM 6.1 | CVE-2021-45329 | Cross-site Scripting in Gitea in github.com/go-gitea/gitea
    from 0, < 1.5.1
  • MEDIUM 6.1 | CVE-2021-45328 | Open redirect in Gitea in github.com/go-gitea/gitea
    from 0, < 1.4.3
  • MEDIUM 5.8 | CVE-2025-68945 | Gitea: anonymous user can visit private user's project in code.gitea.io/gitea
    from 0, < 1.21.2
  • MEDIUM 5.4 | CVE-2025-68946 | Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea
    from 0, < 1.20.1
  • MEDIUM 5.4 | CVE-2025-68942 | Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea
    from 0, < 1.22.2
  • MEDIUM 5.4 | CVE-2021-28378 | Cross-site Scripting in Gitea in code.gitea.io/gitea
    >= 1.12.0, < 1.12.7, >= 1.13.0, < 1.13.4
  • MEDIUM 5.3 | CVE-2025-69413 | Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea
    from 0, < 1.25.2
  • MEDIUM 5.3 | CVE-2025-68943 | Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea
    from 0, < 1.21.8
  • MEDIUM 5.3 | CVE-2021-29134 | Path Traversal in Gitea in code.gitea.io/gitea
    from 0, < 1.13.6
  • MEDIUM 5.3 | CVE-2021-45325 | Gitea displaying raw OpenID error in UI in github.com/go-gitea/gitea
    from 0, < 1.7.0
  • MEDIUM 5.0 | CVE-2025-68944 | Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
    from 0, < 1.22.2
  • MEDIUM 4.9 | CVE-2025-68941 | Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea
    from 0, < 1.22.3
  • MEDIUM 4.4 | CVE-2022-1928 | Stored Cross-site Scripting in gitea in code.gitea.io/gitea
    from 0, < 1.16.9
  • MEDIUM 4.3 | CVE-2026-20888 | Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea
    from 0, < 1.25.4
  • MEDIUM 4.3 | CVE-2025-68938 | Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
    from 0, < 1.25.2
  • MEDIUM 4.3 | CVE-2022-46685 | Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
    from 0, < 1.4.5
  • LOW 3.5 | CVE-2026-0798 | Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea
    from 0, < 1.25.4
  • LOW 3.1 | CVE-2025-68940 | Gitea doesn't adequately enforce branch deletion permissions after merging a pull request in code.gitea.io/gitea
    from 0, < 1.22.5
  • LOW 3.0 | CVE-2023-3515 | code.gitea.io/gitea Open Redirect vulnerability
    from 0, < 1.19.4