Synced 17 Jun 2026 06:32 UTC Account
← All products

Gitea

Gitea · Version control
↻ RSS feed
Monitors Gitea and tailors your dashboard to that exact version.
all versions0/100 Critical

Summary iPlain-English security verdict for Gitea, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Gitea currently scores 0/100 — critical. No tracked vulnerabilities are currently known to be exploited in the wild. Upgrade promptly to address the open critical vulnerabilities.

Disclosure trend iNew CVEs published for Gitea each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2020-14144 HIGH OS command injection EPSS 94% → see advisory CVE-2022-30781 HIGH CWE-116 EPSS 88% → fixed in 1.16.7 CVE-2019-11229 HIGH EPSS 56% → fixed in 1.7.6 CVE-2022-1058 MEDIUM CWE-601 EPSS 53% → fixed in 1.16.5 CVE-2018-18926 CRITICAL CWE-384 EPSS 3% → fixed in 1.5.4 CVE-2021-45327 CRITICAL CWE-436 EPSS 2% → fixed in 1.11.2 CVE-2019-11576 CRITICAL Improper authentication EPSS 2% → fixed in 1.8.0 CVE-2020-28991 CRITICAL EPSS 2% → fixed in 1.12.6 CVE-2021-45330 CRITICAL CWE-459 EPSS 1% → see advisory CVE-2021-45331 CRITICAL Improper authentication EPSS 1% → fixed in 1.5.0 CVE-2022-42968 CRITICAL CWE-88 EPSS 1% → fixed in 1.17.3 CVE-2026-20897 CRITICAL Improper access control EPSS 0% → fixed in 1.25.4

See all 52 known Gitea CVEs & security history →

Get alerted about Gitea

Be emailed the moment Gitea gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Gitea — no marketing, no sharing, and we never know what you run. Track your whole stack →

Monitor up to 200 products — freeHit ☆ Monitor on anything you run, then sign in (no password) to sync your stack across devices and unlock smart insights, risk history & CSV/JSON exports. Sign in free →

Frequently asked

Is Gitea safe and patched?

Gitea currently scores 0/100 — critical. No tracked vulnerabilities are currently known to be exploited in the wild. Upgrade promptly to address the open critical vulnerabilities.

What should I do about Gitea now?

Review the patch-priority list, apply the available fixes (or move to the latest release), and confirm against Gitea's official advisory.

lifecycle unknown — needs latest supported version

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Gitea's official advisory before you patch or upgrade — Gitea official site ↗