Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-52801	Gogs: Ability to import local repositories via Mirror Settings_CVE-2026-52801 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well pr...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-52800	Gogs: CSRF Leading to Organization Owner Takeover_CVE-2026-52800 Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-52799	Gogs: Missing Authorization in Attachment Download_CVE-2026-52799 Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether t...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.9	CVE-2026-52798	Gogs: Stored XSS in `.ipynb` Preview_CVE-2026-52798 Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitize_ipyn...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
LOW 3.5	CVE-2026-52796	Gogs: DoS in rendering issue index pattern_CVE-2026-52796 Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting ...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-52795	Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity_CVE-2026-52795 Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to...	gogs	gogs <= 0.14.3	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-50129	Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER_CVE-2026-50129 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaugh...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.11	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-50128	Mastodon: Spoofing of attribution domains_CVE-2026-50128 Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.11	Jun 24, 2026	CVE
HIGH 8.3	CVE-2026-47267	Gogs: SSRF in webhook deliveries_CVE-2026-47267 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs wi...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-25119	Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers_CVE-2026-25119 Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured a...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE