Gogs vulnerabilities: known CVEs & security history
Gogs · Version control · 49 tracked CVEs · 1 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Gogs release lines — 49 in total, with 1 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Gogs's current status and the safe version to run.
Known Gogs CVEs
Actively-exploited and most-severe first. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2025-8110⚡ exploited | high | 8.8 | 77% | 2025 |
| CVE-2024-56731 | critical | 10 | 1% | 2025 |
| CVE-2024-39932 | critical | 9.9 | 18% | 2024 |
| CVE-2024-39931 | critical | 9.9 | 51% | 2024 |
| CVE-2024-39930 | critical | 9.9 | 7% | 2024 |
| CVE-2026-25242 | critical | 9.8 | 1% | 2026 |
| CVE-2025-64111 | critical | 9.8 | 1% | 2026 |
| CVE-2024-54148 | critical | 9.8 | 1% | 2024 |
| CVE-2022-1884 | critical | 9.8 | 2% | 2024 |
| CVE-2022-2024 | critical | 9.8 | 98% | 2023 |
| CVE-2022-1986 | critical | 9.8 | 5% | 2022 |
| CVE-2019-14544 | critical | 9.8 | 2% | 2019 |
| CVE-2018-18925 | critical | 9.8 | 32% | 2018 |
| CVE-2026-25921 | critical | 9.3 | 0% | 2026 |
| CVE-2022-1992 | critical | 9.1 | 2% | 2022 |
| CVE-2022-0871 | critical | 9.1 | 1% | 2022 |
| CVE-2022-32174 | critical | 9 | 58% | 2022 |
| CVE-2026-25232 | high | 8.8 | 0% | 2026 |
| CVE-2025-64175 | high | 8.8 | 0% | 2026 |
| CVE-2024-55947 | high | 8.8 | 75% | 2024 |
| CVE-2024-44625 | high | 8.8 | 15% | 2024 |
| CVE-2021-32546 | high | 8.8 | 2% | 2022 |
| CVE-2022-0415 | high | 8.8 | 65% | 2022 |
| CVE-2018-15193 | high | 8.8 | 1% | 2018 |
| CVE-2026-26022 | high | 8.7 | 0% | 2026 |
| CVE-2018-16409 | high | 8.6 | 1% | 2018 |
| CVE-2018-15192 | high | 8.6 | 2% | 2018 |
| CVE-2026-24135 | high | 8.1 | 1% | 2026 |
| CVE-2022-1993 | high | 8.1 | 50% | 2022 |
| CVE-2024-39933 | high | 7.7 | 1% | 2024 |
| CVE-2018-20303 | high | 7.5 | 3% | 2018 |
| CVE-2026-26276 | high | 7.3 | 0% | 2026 |
| CVE-2026-26194 | high | 7.3 | 0% | 2026 |
| CVE-2020-15867 | high | 7.2 | 88% | 2020 |
| CVE-2026-25229 | medium | 6.5 | 0% | 2026 |
| CVE-2026-23633 | medium | 6.5 | 0% | 2026 |
| CVE-2026-23632 | medium | 6.5 | 0% | 2026 |
| CVE-2026-22592 | medium | 6.5 | 0% | 2026 |
| CVE-2022-1285 | medium | 6.5 | 1% | 2022 |
| CVE-2020-14958 | medium | 6.5 | 1% | 2020 |
| CVE-2026-26195 | medium | 6.1 | 0% | 2026 |
| CVE-2018-17031 | medium | 6.1 | 1% | 2018 |
| CVE-2018-15178 | medium | 6.1 | 1% | 2018 |
| CVE-2020-9329 | medium | 5.9 | 1% | 2020 |
| CVE-2022-31038 | medium | 5.4 | 1% | 2022 |
| CVE-2022-1464 | medium | 5.4 | 1% | 2022 |
| CVE-2026-26196 | medium | 5.3 | 0% | 2026 |
| CVE-2022-0870 | medium | 5.3 | 3% | 2022 |
| CVE-2026-25120 | low | 2.7 | 0% | 2026 |
Is my Gogs version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Gogs version → · Monitor Gogs for new CVEs →
Gogs vulnerabilities — frequently asked
How many known vulnerabilities does Gogs have?
IsItPatched tracks 49 CVEs for Gogs, 1 of which is actively exploited (CISA KEV). 16 are critical-severity and 18 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Gogs have any actively-exploited vulnerabilities?
Yes — 1 Gogs CVE is in CISA's Known Exploited Vulnerabilities catalog, meaning it is confirmed exploited in the wild. Patch it as a priority.
What is the most severe Gogs vulnerability?
Among tracked issues, CVE-2025-8110 (HIGH, CVSS 8.8), which is actively exploited, ranks highest — a Path traversal weakness.
Is Gogs safe to use?
It depends on the version. The latest supported Gogs release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Gogs security status · Gogs end-of-life · actively-exploited CVEs. Always verify against Gogs's advisories — see our disclaimer.