CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated (v2026.07.01)
A vulnerability in Gitea before version 1.25.5 allows specially crafted release tag and asset names to affect dump output paths when dumping release assets.
A vulnerability in Gitea up to version 1.26.1 allows bypassing OAuth2 access token scope enforcement via HTTP Basic authentication.
Gitea up to and including version 1.26.1 does not enforce repository-unit authorization on issue-template API endpoints, allowing unauthorized users to access sensitive data or functions related to issue templates.
A vulnerability in Gitea before version 1.26.0 fails to close the connection securely on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, enabling spoofed canonical URL generation.
In Gitea 1.25.5, branch-specific write-permission results are cached across multiple refs within a single pre-receive hook session. This allows a per-branch maintainer-edit grant to be reused for other refs, escalating to full repository write access.
A vulnerability in Gitea up to version 1.26.1 is caused by insufficient permission checks for Composer package source links. This can expose private or internal package source information.
A vulnerability in Gitea up to version 1.26.2 allows repository RSS and Atom feed endpoints to bypass API access token scope checks. This exposes private repository commit data to tokens lacking the required repository scope.
A vulnerability in Gitea before version 1.25.5 allows draft release data or attachments to be accessed without the required write permission.
A vulnerability in Gitea before version 1.25.5 allows a user to change another user's primary email address.
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.
In Gitea before version 1.25.5, LFS push and sync mirror operations do not use the migration HTTP transport, bypassing the configured migration transport protections for those LFS requests.
Gitea before version 1.25.5 does not correctly persist the OAuth2 PKCE S256 challenge method during authorization, allowing token exchange without the required verifier check.
A vulnerability in Gitea before version 1.25.5 allows reuse of expired or single-use OAuth2 authorization codes during token exchange. Inconsistent enforcement of code expiry and single-use behavior may lead to unauthorized access.
A vulnerability in Gitea up to version 1.26.1 allows users with read-only access to a repository to authorize commits via the 'Allow edits from maintainers' permission path. This bypasses intended write restrictions.
A vulnerability in Gitea before version 1.25.5 allows deletion of time-tracked entries from another issue due to missing scoping of the lookup to the issue ID in the request URL.
A vulnerability in Gitea up to version 1.25.4 allows redirect bypasses by using raw or percent-encoded backslashes in the redirect_to parameter.
Gitea before version 1.25.5 mishandles path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.
A vulnerability in Gitea up to version 1.26.1 causes inconsistent filtering of public-only tokens in the user organization API, leaving an incomplete fix for CVE-2025-68941.
In Gitea versions before 1.25.5, insufficient visibility checks in organization permission APIs allow disclosure of hidden members and private organizations.