Affected by GO-2022-0369 and 24 other vulnerabilities

GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

GO-2022-0377: SSRF in repository migration in gogs.io/gogs

GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

GO-2022-0566: SSRF in repository migration in gogs.io/gogs

GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

GO-2022-0797: Insecure Permissions in Gogs in gogs.io/gogs

GO-2022-0822: Open Redirect in gogs.io/gogs

GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

GO-2025-3776: Gogs allows deletion of internal files which leads to remote command execution in gogs.io/gogs

GO-2025-3778: Gogs XSS allowed by stored call in PDF renderer in gogs.io/gogs

modules/

Details

Path	Synopsis
auth
ldap Package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information	Package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information
pam
avatar It is recommend to use this way cacheDir := "./cache" defaultImg := "./default.jpg" http.Handle("/avatar/", avatar.CacheServer(cacheDir, defaultImg))	It is recommend to use this way cacheDir := "./cache" defaultImg := "./default.jpg" http.Handle("/avatar/", avatar.CacheServer(cacheDir, defaultImg))
base
bindata
cron Package cron implements a cron spec parser and job runner.	Package cron implements a cron spec parser and job runner.
httplib
log
mailer
middleware
process
setting
ssh
template
user
uuid Package uuid provides implementation of Universally Unique Identifier (UUID).	Package uuid provides implementation of Universally Unique Identifier (UUID).