git package versions - code.gitea.io/gitea/modules/git

Sep 24, 2025 GO-2025-4261

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Dec 18, 2025 GO-2025-4261

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Nov 22, 2025 GO-2025-4261

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Nov 4, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Oct 29, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Changes in this version

+ const SigningKeyFormatOpenPGP

+ const SigningKeyFormatSSH

type Blob

+ func (b *Blob) GetBlobBytes(limit int64) ([]byte, error)

type CommitTreeOpts

+ Key *SigningKey

type CommitsByFileAndRangeOptions

+ Since string

+ Until string

type CommitsCountOptions

+ Since string

+ Until string

+ type EntryFollowResult struct

+ SymlinkContent string

+ TargetEntry *TreeEntry

+ TargetFullPath string

+ func EntryFollowLink(commit *Commit, fullPath string, te *TreeEntry) (*EntryFollowResult, error)

+ func EntryFollowLinks(commit *Commit, firstFullPath string, firstTreeEntry *TreeEntry, ...) (res *EntryFollowResult, err error)

type GPGSettings

+ Format string

type Repository

+ func (repo *Repository) ShowPrettyFormatLogToList(ctx context.Context, revisionRange string) ([]*Commit, error)

+ type SigningKey struct

+ Format string

+ KeyID string

+ func (s *SigningKey) String() string

Sep 25, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Apr 28, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Oct 25, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Sep 11, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Aug 13, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Aug 4, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Changes in this version

+ func SplitCommitTitleBody(commitMessage string, titleRuneLimit int) (title, body string)

type CommitSubmoduleFile

+ func GetCommitInfoSubmoduleFile(repoLink, fullPath string, commit *Commit, refCommitID ObjectID) (*CommitSubmoduleFile, error)

Jul 15, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Changes in this version

type CommitSubmoduleFile

+ func (sf *CommitSubmoduleFile) SubmoduleWebLinkCompare(ctx context.Context, commitID1, commitID2 string) *SubmoduleWebLink

+ func (sf *CommitSubmoduleFile) SubmoduleWebLinkTree(ctx context.Context, optCommitID ...string) *SubmoduleWebLink

type EntryMode

+ func (e EntryMode) IsDir() bool

+ func (e EntryMode) IsExecutable() bool

+ func (e EntryMode) IsLink() bool

+ func (e EntryMode) IsRegular() bool

+ func (e EntryMode) IsSubModule() bool

Jun 20, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jun 19, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jun 10, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Changes in this version

+ const CmdSubVerbLfsDownload

+ const CmdSubVerbLfsUpload

+ const CmdVerbLfsAuthenticate

+ const CmdVerbLfsTransfer

+ const CmdVerbReceivePack

+ const CmdVerbUploadArchive

+ const CmdVerbUploadPack

+ func GetDiffShortStatByCmdArgs(ctx context.Context, repoPath string, trustedArgs TrustedCmdArgs, ...) (numFiles, totalAdditions, totalDeletions int, err error)

+ func IsAllowedVerbForServe(verb string) bool

+ func IsAllowedVerbForServeLfs(verb string) bool

+ func IsErrInvalidCloneAddr(err error) bool

+ func IsErrSymlinkUnresolved(err error) bool

+ func ParseRemoteAddr(remoteAddr, authUsername, authPassword string) (string, error)

type ArchiveType

+ const ArchiveBundle

+ const ArchiveTarGz

+ const ArchiveUnknown

+ const ArchiveZip

+ func SplitArchiveNameType(s string) (string, ArchiveType)

type Batch

+ func NewBatch(ctx context.Context, repoPath string) (*Batch, error)

+ func NewBatchCheck(ctx context.Context, repoPath string) (*Batch, error)

type Command

+ func (c *Command) LogString() string

+ func (c *Command) ProcessState() string

type CommitInfo

+ SubmoduleFile *CommitSubmoduleFile

+ type CommitSubmoduleFile struct

+ func NewCommitSubmoduleFile(refURL, refID string) *CommitSubmoduleFile

+ func (sf *CommitSubmoduleFile) RefID() string

+ func (sf *CommitSubmoduleFile) SubmoduleWebLink(ctx context.Context, optCommitID ...string) *SubmoduleWebLink

type EntryMode

+ const EntryModeNoEntry

+ func ParseEntryMode(mode string) (EntryMode, error)

+ type ErrInvalidCloneAddr struct

+ Host string

+ IsInvalidPath bool

+ IsPermissionDenied bool

+ IsProtocolInvalid bool

+ IsURLError bool

+ LocalPath bool

+ func (err *ErrInvalidCloneAddr) Error() string

+ func (err *ErrInvalidCloneAddr) Unwrap() error

+ type ErrSymlinkUnresolved struct

+ Message string

+ Name string

+ func (err ErrSymlinkUnresolved) Error() string

type Features

+ SupportCheckAttrOnBare bool

+ type GrepModeType string

+ const GrepModeExact

+ const GrepModeRegexp

+ const GrepModeWords

type GrepOptions

+ GrepMode GrepModeType

type RefName

+ func RefNameFromCommit(shortName string) RefName

+ func (ref RefName) RefWebLinkPath() string

+ type RefType string

+ const RefTypeBranch

+ const RefTypeCommit

+ const RefTypeTag

+ type SubmoduleWebLink struct

+ CommitWebLink string

+ RepoWebLink string

Apr 29, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Dec 16, 2024 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

May 12, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Apr 7, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Mar 24, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Mar 4, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Feb 19, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Feb 6, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Feb 5, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jan 10, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Jan 9, 2025 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Changes in this version

+ func AddTemplateSubmoduleIndexes(ctx context.Context, repoPath string, submodules []TemplateSubmoduleCommit) error

+ func IsErrCanceledOrKilled(err error) bool

+ func IsRemoteNotExistError(err error) bool

+ func IsStringLikelyCommitID(objFmt ObjectFormat, s string, minLength ...int) bool

+ func ParseCatFileTreeLine(objectFormat ObjectFormat, rd *bufio.Reader, modeBuf, fnameBuf, shaBuf []byte) (mode, fname, sha []byte, n int, err error)

+ type CommitSubModuleFile struct

+ func NewCommitSubModuleFile(refURL, refID string) *CommitSubModuleFile

+ func (sf *CommitSubModuleFile) RefID() string

+ func (sf *CommitSubModuleFile) RefURL(urlPrefix, repoFullName, sshDomain string) string

+ type LsTreeEntry struct

+ EntryMode EntryMode

+ ID ObjectID

+ Name string

+ Size optional.Option[int64]

type Repository

+ func (repo *Repository) GetTreePathLatestCommit(refName, treePath string) (*Commit, error)

+ func (repo *Repository) UnstableGuessRefByShortName(shortName string) RefName

type SubModule

+ Branch string

+ Path string

+ type TemplateSubmoduleCommit struct

+ Commit string

+ Path string

+ func GetTemplateSubmoduleCommits(ctx context.Context, repoPath string) (submoduleCommits []TemplateSubmoduleCommit, _ error)

Dec 17, 2024 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Mar 28, 2024 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Dec 13, 2024 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Dec 11, 2024 GO-2025-4258 +1 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Nov 25, 2024 GO-2025-4258 +2 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

Oct 9, 2024 GO-2025-4258 +2 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

Sep 5, 2024 GO-2025-4258 +3 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ type Batch struct

+ Reader *bufio.Reader

+ Writer WriteCloserError

+ func (b *Batch) Close()

+ type IndexObjectInfo struct

+ Filename string

+ Mode string

+ Object ObjectID

type Repository

+ func (repo *Repository) AddObjectsToIndex(objects ...IndexObjectInfo) error

+ func (repo *Repository) GetCommitBranchStart(env []string, branch, endCommitID string) (string, error)

+ func (repo *Repository) NewBatch(ctx context.Context) (*Batch, error)

+ func (repo *Repository) NewBatchCheck(ctx context.Context) (*Batch, error)

Jul 4, 2024 GO-2025-4258 +5 more

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

May 27, 2024 GO-2024-3056 +6 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Changes in this version

+ const AttributeGitlabLanguage

+ const AttributeLinguistDetectable

+ const AttributeLinguistDocumentation

+ const AttributeLinguistGenerated

+ const AttributeLinguistLanguage

+ const AttributeLinguistVendored

+ func AttributeToBool(attr map[string]string, name string) optional.Option[bool]

+ func AttributeToString(attr map[string]string, name string) optional.Option[string]

+ func BinToHex(objectFormat ObjectFormat, sha, out []byte) []byte

+ func GetDefaultBranch(ctx context.Context, repoPath string) (string, error)

+ func HashFilePathForWebUI(s string) string

+ func IsEmptyCommitID(commitID string) bool

+ func IsErrorExitCode(err error, code int) bool

+ func IsValidObjectFormat(name string) bool

+ func TryReadLanguageAttribute(attrs map[string]string) optional.Option[string]

+ func WalkShowRef(ctx context.Context, repoPath string, extraArgs TrustedCmdArgs, ...) (countAll int, err error)

+ type CommitSignature struct

+ Payload string

+ Signature string

+ type EmptyReader struct

+ func (EmptyReader) Read(p []byte) (int, error)

+ type Features struct

+ SupportHashSha256 bool

+ SupportProcReceive bool

+ SupportedObjectFormats []ObjectFormat

+ UsingGogit bool

+ func DefaultFeatures() *Features

+ func (f *Features) CheckVersionAtLeast(atLeast string) bool

+ func (f *Features) VersionInfo() string

+ type GrepOptions struct

+ ContextLineNumber int

+ IsFuzzy bool

+ MaxLineLength int

+ MaxResultLimit int

+ PathspecList []string

+ RefName string

+ type GrepResult struct

+ Filename string

+ LineCodes []string

+ LineNumbers []int

+ func GrepSearch(ctx context.Context, repo *Repository, search string, opts GrepOptions) ([]*GrepResult, error)

+ type ObjectFormat interface

+ ComputeHash func(t ObjectType, content []byte) ObjectID

+ EmptyObjectID func() ObjectID

+ EmptyTree func() ObjectID

+ FullLength func() int

+ IsValid func(input string) bool

+ MustID func(b []byte) ObjectID

+ Name func() string

+ var Sha1ObjectFormat ObjectFormat = Sha1ObjectFormatImpl{}

+ var Sha256ObjectFormat ObjectFormat = Sha256ObjectFormatImpl{}

+ func ObjectFormatFromName(name string) ObjectFormat

+ type ObjectID interface

+ IsZero func() bool

+ RawValue func() []byte

+ String func() string

+ Type func() ObjectFormat

type Repository

+ func (repo *Repository) ConvertToGitID(commitID string) (ObjectID, error)

+ func (repo *Repository) GetObjectFormat() (ObjectFormat, error)

+ type Sha1Hash [20]byte

+ func (*Sha1Hash) Type() ObjectFormat

+ func (h *Sha1Hash) IsZero() bool

+ func (h *Sha1Hash) RawValue() []byte

+ func (h *Sha1Hash) String() string

+ type Sha1ObjectFormatImpl struct

+ func (Sha1ObjectFormatImpl) EmptyObjectID() ObjectID

+ func (Sha1ObjectFormatImpl) EmptyTree() ObjectID

+ func (Sha1ObjectFormatImpl) FullLength() int

+ func (Sha1ObjectFormatImpl) IsValid(input string) bool

+ func (Sha1ObjectFormatImpl) MustID(b []byte) ObjectID

+ func (Sha1ObjectFormatImpl) Name() string

+ func (h Sha1ObjectFormatImpl) ComputeHash(t ObjectType, content []byte) ObjectID

+ type Sha256Hash [32]byte

+ func (*Sha256Hash) Type() ObjectFormat

+ func (h *Sha256Hash) IsZero() bool

+ func (h *Sha256Hash) RawValue() []byte

+ func (h *Sha256Hash) String() string

+ type Sha256ObjectFormatImpl struct

+ func (Sha256ObjectFormatImpl) EmptyObjectID() ObjectID

+ func (Sha256ObjectFormatImpl) EmptyTree() ObjectID

+ func (Sha256ObjectFormatImpl) FullLength() int

+ func (Sha256ObjectFormatImpl) IsValid(input string) bool

+ func (Sha256ObjectFormatImpl) MustID(b []byte) ObjectID

+ func (Sha256ObjectFormatImpl) Name() string

+ func (h Sha256ObjectFormatImpl) ComputeHash(t ObjectType, content []byte) ObjectID

Apr 27, 2024 GO-2024-3056 +6 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 28, 2024 GO-2024-3056 +6 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Sep 20, 2023 GO-2024-3056 +6 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Apr 16, 2024 GO-2024-3056 +6 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 25, 2024 GO-2024-3056 +6 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 22, 2024 GO-2024-3056 +6 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Mar 13, 2024 GO-2024-3056 +6 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 26, 2024 GO-2024-3056 +7 more

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Feb 22, 2024 GO-2024-3056 +7 more