Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-47943

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.

Published: Jun 26, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-47943
GHSA: GHSA-xh32-cx6c-cp4v
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
github.com/gogs/gogs	-	0.13.3-0.20250608224432-110117b2e5e5
gogs.io/gogs	-	0.13.3-0.20250608224432-110117b2e5e5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo