Go to main page
Versions in this module
v1
Sep 24, 2025 GO-2025-4261
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
Jan 22, 2026 GO-2025-4261
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
Dec 18, 2025 GO-2025-4261
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
Nov 22, 2025 GO-2025-4261
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
Nov 4, 2025 GO-2025-4258 +2 more
GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea
Oct 29, 2025 GO-2025-4258 +2 more
GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea
Changes in this version
Sep 25, 2025 GO-2025-4258 +2 more
GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea