Affected by GO-2022-1060 and 20 other vulnerabilities

GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

GO-2025-4225: Gogs vulnerable to a bypass of CVE-2024-55947 in gogs.io/gogs

GO-2026-4448: Gogs's update .git/config file allows remote command execution in gogs.io/gogs

GO-2026-4449: Gogs Vulnerable to 2FA Bypass via Recovery Code in gogs.io/gogs

GO-2026-4450: Gogs user can update repository content with read-only permission in gogs.io/gogs

GO-2026-4451: Gogs has a Denial of Service issue in gogs.io/gogs

GO-2026-4452: Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update in gogs.io/gogs

GO-2026-4453: Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs

GO-2026-4454: Gogs vulnerable to Stored XSS via Mermaid diagrams in gogs.io/gogs

GO-2026-4457: Gogs has authorization bypass in repository deletion API in gogs.io/gogs

GO-2026-4498: Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs

GO-2026-4499: Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs in gogs.io/gogs

GO-2026-4500: Unauthenticated File Upload in Gogs in gogs.io/gogs

GO-2026-4501: Gogs Allows Cross-Repository Comment Deletion via DeleteComment in gogs.io/gogs

GO-2026-4616: Gogs: Cross-repository LFS object overwrite via missing content hash verification in gogs.io/gogs

GO-2026-4617: Gogs: Release tag option injection in release deletion in gogs.io/gogs

GO-2026-4618: Gogs: Stored XSS in branch and wiki views through author and committer names in gogs.io/gogs

GO-2026-4619: Gogs: Access tokens get exposed through URL params in API requests in gogs.io/gogs

GO-2026-4620: Gogs: Stored XSS via data URI in issue comments in gogs.io/gogs

GO-2026-4627: Gogs: DOM-based XSS via milestone selection in gogs.io/gogs

github

package

v0.13.3 Latest Latest Go to latest Published: Jun 8, 2025 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/gogs/gogs

Documentation ¶

Index ¶

func NewProvider(cfg *Config) auth.Provider
type Config
type Provider

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewProvider ¶ added in v0.12.4

func NewProvider(cfg *Config) auth.Provider

NewProvider creates a new PAM authentication provider.

Types ¶

type Config ¶ added in v0.12.4

type Config struct {
	// the GitHub service endpoint, e.g. https://api.github.com/.
	APIEndpoint string
	SkipVerify  bool
}

Config contains configuration for GitHub authentication.

⚠️ WARNING: Change to the field name must preserve the INI key name for backward compatibility.

type Provider ¶ added in v0.12.4

type Provider struct {
	// contains filtered or unexported fields
}

Provider contains configuration of a PAM authentication provider.

func (*Provider) Authenticate ¶ added in v0.12.4

func (p *Provider) Authenticate(login, password string) (*auth.ExternalAccount, error)

func (*Provider) Config ¶ added in v0.12.4

func (p *Provider) Config() any

func (*Provider) HasTLS ¶ added in v0.12.4

func (*Provider) HasTLS() bool

func (*Provider) SkipTLSVerify ¶ added in v0.12.4

func (p *Provider) SkipTLSVerify() bool

func (*Provider) UseTLS ¶ added in v0.12.4

func (*Provider) UseTLS() bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL