[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-44625":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":53,"downstream":54,"duplicates":57,"related":58,"reserved_at":9,"published_at":60,"modified_at":61,"state":62,"summary":63,"references_raw":71,"kevs":111,"epss":112,"epss_history":115,"metrics":358,"affected":368},"CVE-2024-44625","Gogs \u003C=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_872243AD1DA7C5A1","Exploit Reference (fysac.github.io)","reference","https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/","unknown",0.2,false,[],[51,52],"GHSA-phm4-wf3h-pc3r","GO-2024-3275",[],[55],{"_key":56},"OPENSUSE-SU-2024:14513-1",[],[59],{"_key":56},"2024-11-15T00:00:00.000Z","2024-11-20T20:20:11.482Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":64,"epss_score":65,"severity":66,"severity_score":67,"severity_version":68,"severity_source":69,"severity_vector":70,"severity_status":62},"critical",0.81794,"high",8.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[72,78,83,89,94,99,103,107],{"url":73,"sources":74,"tags":76},"https://gogs.io/",[69,75],"nvd",[77],"Product",{"url":45,"sources":79,"tags":80},[69,75],[81,82],"Exploit","Third Party Advisory",{"url":84,"sources":85,"tags":87},"https://nvd.nist.gov/vuln/detail/CVE-2024-44625",[86],"osv_go",[88],"Advisory",{"url":90,"sources":91,"tags":92},"https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs",[86],[93],"WEB",{"url":95,"sources":96,"tags":97},"https://github.com/gogs/gogs",[86],[98],"PACKAGE",{"url":100,"sources":101,"tags":102},"https://gogs.io",[86],[93],{"url":104,"sources":105,"tags":106},"https://pkg.go.dev/vuln/GO-2024-3275",[86],[93],{"url":108,"sources":109,"tags":110},"https://github.com/advisories/GHSA-phm4-wf3h-pc3r",[86],[88],[],{"date":113,"score":65,"percentile":114},"2026-06-04",0.99214,[116,120,123,125,128,130,133,135,137,140,143,146,149,152,154,158,161,164,167,170,172,175,178,181,184,186,188,191,194,196,198,200,202,205,208,211,214,217,220,223,225,228,231,234,237,240,243,246,249,251,255,259,262,265,268,271,274,276,278,281,285,287,290,293,295,298,300,303,306,308,311,313,316,319,322,325,328,331,333,335,337,339,341,343,345,347,349,351,353,355],{"date":117,"score":118,"percentile":119},"2025-11-04",0.16275,0.94545,{"date":121,"score":118,"percentile":122},"2025-11-05",0.94544,{"date":124,"score":118,"percentile":119},"2025-11-06",{"date":126,"score":118,"percentile":127},"2025-11-07",0.94547,{"date":129,"score":118,"percentile":122},"2025-11-08",{"date":131,"score":118,"percentile":132},"2025-11-09",0.94543,{"date":134,"score":118,"percentile":132},"2025-11-10",{"date":136,"score":118,"percentile":122},"2025-11-11",{"date":138,"score":118,"percentile":139},"2025-11-12",0.94548,{"date":141,"score":118,"percentile":142},"2025-11-13",0.94549,{"date":144,"score":118,"percentile":145},"2025-11-14",0.94551,{"date":147,"score":118,"percentile":148},"2025-11-15",0.94546,{"date":150,"score":118,"percentile":151},"2025-11-16",0.9455,{"date":153,"score":118,"percentile":142},"2025-11-17",{"date":155,"score":156,"percentile":157},"2025-11-18",0.17674,0.94606,{"date":159,"score":156,"percentile":160},"2025-11-19",0.94609,{"date":162,"score":156,"percentile":163},"2025-11-20",0.94614,{"date":165,"score":118,"percentile":166},"2025-11-21",0.94557,{"date":168,"score":118,"percentile":169},"2025-11-22",0.94555,{"date":171,"score":118,"percentile":166},"2025-11-23",{"date":173,"score":118,"percentile":174},"2025-11-24",0.9456,{"date":176,"score":118,"percentile":177},"2025-11-25",0.94563,{"date":179,"score":118,"percentile":180},"2025-11-26",0.94564,{"date":182,"score":118,"percentile":183},"2025-11-27",0.94567,{"date":185,"score":118,"percentile":180},"2025-11-28",{"date":187,"score":118,"percentile":183},"2025-11-29",{"date":189,"score":118,"percentile":190},"2025-11-30",0.94565,{"date":192,"score":118,"percentile":193},"2025-12-01",0.9461,{"date":195,"score":118,"percentile":193},"2025-12-02",{"date":197,"score":118,"percentile":160},"2025-12-03",{"date":199,"score":118,"percentile":174},"2025-12-04",{"date":201,"score":118,"percentile":177},"2025-12-05",{"date":203,"score":118,"percentile":204},"2025-12-06",0.94562,{"date":206,"score":118,"percentile":207},"2025-12-07",0.94568,{"date":209,"score":118,"percentile":210},"2025-12-08",0.94569,{"date":212,"score":118,"percentile":213},"2025-12-09",0.94573,{"date":215,"score":118,"percentile":216},"2025-12-10",0.9458,{"date":218,"score":118,"percentile":219},"2025-12-11",0.94583,{"date":221,"score":118,"percentile":222},"2025-12-12",0.94586,{"date":224,"score":118,"percentile":222},"2025-12-13",{"date":226,"score":118,"percentile":227},"2025-12-14",0.94584,{"date":229,"score":118,"percentile":230},"2025-12-15",0.94589,{"date":232,"score":118,"percentile":233},"2025-12-16",0.94592,{"date":235,"score":118,"percentile":236},"2025-12-17",0.94596,{"date":238,"score":118,"percentile":239},"2025-12-18",0.94598,{"date":241,"score":118,"percentile":242},"2025-12-19",0.94599,{"date":244,"score":118,"percentile":245},"2025-12-20",0.946,{"date":247,"score":118,"percentile":248},"2025-12-21",0.94601,{"date":250,"score":118,"percentile":248},"2025-12-22",{"date":252,"score":253,"percentile":254},"2025-12-23",0.36013,0.96936,{"date":256,"score":257,"percentile":258},"2025-12-24",0.6644,0.98457,{"date":260,"score":257,"percentile":261},"2025-12-25",0.98459,{"date":263,"score":257,"percentile":264},"2025-12-26",0.98458,{"date":266,"score":257,"percentile":267},"2025-12-27",0.9848,{"date":269,"score":257,"percentile":270},"2025-12-28",0.98461,{"date":272,"score":257,"percentile":273},"2025-12-29",0.98462,{"date":275,"score":257,"percentile":270},"2025-12-30",{"date":277,"score":257,"percentile":273},"2025-12-31",{"date":279,"score":257,"percentile":280},"2026-01-01",0.98478,{"date":282,"score":283,"percentile":284},"2026-01-02",0.6597,0.9846,{"date":286,"score":283,"percentile":261},"2026-01-03",{"date":288,"score":283,"percentile":289},"2026-01-04",0.98443,{"date":291,"score":283,"percentile":292},"2026-01-05",0.98444,{"date":294,"score":283,"percentile":292},"2026-01-06",{"date":296,"score":283,"percentile":297},"2026-01-07",0.98445,{"date":299,"score":283,"percentile":297},"2026-01-08",{"date":301,"score":283,"percentile":302},"2026-01-09",0.98447,{"date":304,"score":283,"percentile":305},"2026-01-10",0.98449,{"date":307,"score":283,"percentile":305},"2026-01-11",{"date":309,"score":283,"percentile":310},"2026-01-12",0.98448,{"date":312,"score":283,"percentile":310},"2026-01-13",{"date":314,"score":283,"percentile":315},"2026-01-14",0.9845,{"date":317,"score":283,"percentile":318},"2026-01-15",0.98451,{"date":320,"score":283,"percentile":321},"2026-01-16",0.98452,{"date":323,"score":283,"percentile":324},"2026-01-17",0.98453,{"date":326,"score":283,"percentile":327},"2026-01-18",0.98455,{"date":329,"score":283,"percentile":330},"2026-01-19",0.98456,{"date":332,"score":283,"percentile":327},"2026-01-20",{"date":334,"score":283,"percentile":327},"2026-01-21",{"date":336,"score":283,"percentile":330},"2026-01-22",{"date":338,"score":283,"percentile":264},"2026-01-23",{"date":340,"score":283,"percentile":261},"2026-01-24",{"date":342,"score":283,"percentile":261},"2026-01-25",{"date":344,"score":283,"percentile":284},"2026-01-26",{"date":346,"score":283,"percentile":270},"2026-01-27",{"date":348,"score":283,"percentile":270},"2026-01-28",{"date":350,"score":283,"percentile":270},"2026-01-29",{"date":352,"score":283,"percentile":270},"2026-01-30",{"date":354,"score":283,"percentile":284},"2026-01-31",{"date":356,"score":283,"percentile":357},"2026-02-01",0.98473,[359,364,366],{"source":69,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":360,"cvss_v4_0":9},{"baseScore":67,"baseSeverity":361,"vectorString":70,"impactScore":362,"exploitabilityScore":363},"HIGH",9.8,7.2,{"source":75,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":365,"cvss_v4_0":9},{"baseScore":67,"baseSeverity":361,"vectorString":70,"impactScore":362,"exploitabilityScore":363},{"source":86,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":367,"cvss_v4_0":9},{"baseScore":67,"baseSeverity":9,"vectorString":70,"impactScore":362,"exploitabilityScore":363},[369,378],{"ecosystem":9,"name":370,"vendor":9,"product":370,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":371},"Gogs",[372],{"version":373,"is_range":374,"range_type":375,"version_start":9,"version_start_type":9,"version_end":376,"version_end_type":377,"fixed_in":9},"lte0.13.0",true,"cpe","0.13.0","including",{"ecosystem":379,"name":380,"vendor":381,"product":382,"cpe_part":9,"purl_type":383,"purl_namespace":381,"purl_name":382,"source":9,"versions":384},"Go","gogs.io/gogs","gogs.io","gogs","golang",[385,390],{"version":386,"is_range":374,"range_type":387,"version_start":9,"version_start_type":9,"version_end":388,"version_end_type":389,"fixed_in":9},"lt0_13_2","semver","0.13.2","excluding",{"version":391,"is_range":374,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all"]