Sign in Book a demo Get started free

← All vulnerabilities

MEDIUMSupply chain

GHSA-8629-VC8R-5P58

go · code.gitea.io/gitea

Summary

Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw

References

Related vulnerabilities

All Supply chain →

CRITICALGHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
MEDIUMGHSA-P5CP-R7RG-QPXC
Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode
MEDIUMGHSA-CX9V-4QJ2-JRW6
Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration
HIGHGHSA-VJQM-6GCC-62CR
Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion
HIGHGHSA-VRHC-3FR6-PC3C
Open WebUI: Forged chat-file link allows cross-user file read and deletion
MEDIUMGHSA-3FWP-P5RJ-2PXF
Gitea: Missing repository-unit authorization on issue-template API endpoints