19 Total CVEs
15 AI Analyzed
0 CISA KEV
8 Critical
All Vendors
Showing 1-19 of 19 CVEs
CVE-2026-58426
Analyzed
9.6
Gitea Gitea Open Source Git Server

An HMAC ambiguity in Gitea Actions Artifacts allows cross-repository data reads and cross-task state writes, compromising the integrity and confidenti...

2026-07-04
CVE-2026-58424
Analyzed
8.9
Gitea Gitea Open Source Git Server

Permanent Fork PR Workflow Approval Gate Bypass

2026-07-04
CVE-2026-58422
Analyzed
9.8
Gitea Open Source Git Server

An improper authorization flaw in the OAuth sign-in callback mechanism allows attackers to silently re-enable previously disabled administrator accoun...

2026-07-07
CVE-2026-58421
Analyzed
7.5
Gitea Open Source Git Server

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service

2026-07-07
CVE-2026-28744
Analyzed
8.1
Gitea Gitea Open Source Git Server

Gitea versions up to and including 1

2026-07-04
CVE-2026-27780
Analyzed
9.8
Gitea Gitea Open Source Git Server

Gitea versions before 1.26.0 fail to handle errors correctly during pre-receive hook processing, allowing attackers to bypass branch-protection checks...

2026-07-07
CVE-2026-27779
7.5
Gitea Gitea Open Source Git Server

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...

2026-07-09
CVE-2026-27775
8.8
Gitea Gitea Open Source Git Server

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-e...

2026-07-09
CVE-2026-27660
7.5
Gitea Gitea Open Source Git Server

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission.

2026-07-09
CVE-2026-26292
Analyzed
9.8
Gitea Gitea Open Source Git Server

Gitea versions before 1.25.5 fail to use the migration HTTP transport for LFS operations, bypassing configured security protections for push and sync...

2026-07-08
CVE-2026-26247
Analyzed
9.1
Gitea Gitea Open Source Git Server

Gitea versions before 1.25.5 fail to correctly persist OAuth2 PKCE S256 challenges, allowing token exchange to proceed without mandatory verifier vali...

2026-07-08
CVE-2026-26231
Analyzed
8.5
Gitea Gitea Open Source Git Server

Gitea versions up to and including 1

2026-07-04
CVE-2026-25718
Analyzed
9.1
Gitea Open Source Git Server

Gitea versions before 1.25.5 improperly handle path resolution during template repository generation, allowing reads or writes through symlinks or non...

2026-07-08
CVE-2026-25038
Analyzed
7.5
Gitea Open Source Git Server

Gitea 1.26.2 allows unauthorized users to access labels of private organizations.

2026-07-08
CVE-2026-24690
Analyzed
7.5
Gitea Gitea Open Source Git Server

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches.

2026-07-08
CVE-2026-22874
Analyzed
9.6
Gitea Gitea Open Source Git Server

Gitea versions up to 1.26.2 contain a vulnerability involving incomplete SSRF protection within the webhook and migration allow-list filtering mechani...

2026-07-04
CVE-2026-22547
Analyzed
9.1
Gitea Gitea Open Source Git Server

Gitea versions before 1.25.5 contain an improper input validation vulnerability in repository creation fields, potentially allowing unauthorized data...

2026-07-08
CVE-2026-20736
7.5
Gitea Multiple Products

Gitea does not properly verify repository context when deleting attachments

2026-01-24
CVE-2025-68939
Analyzed
8.2
Gitea Multiple Products

Gitea before 1

2025-12-26