Vulnerability Database

Published: Jun 21, 2020
Updated: Nov 16, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-14958" target="_blank" rel="noopener"> CVE-2020-14958
GHSA: <a href="https://github.com/advisories/GHSA-4c7m-vv47-7c69" target="_blank" rel="noopener"> GHSA-4c7m-vv47-7c69
Severity: Medium
Exploit:

309,136

Total vulnerabilities in the database

In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
gogs / gogs	0.11.91	0.11.91.x
gogs.io/gogs	-	0.12.0

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.