CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-25921

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2.

Exploit prediction scoring system (EPSS) score

CVSS Severity

CVSS v3 Score 9.3

References

https://github.com/gogs/gogs/commit/81ee8836445ac888d99da8b652be7d5cbc5c4d5c
https://github.com/gogs/gogs/pull/8166
https://github.com/gogs/gogs/releases/tag/v0.14.2
https://github.com/gogs/gogs/security/advisories/GHSA-cj4v-437j-jq4c

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25921

Products

Pricing

Contact Us