gitea security advisories
2 threat alerts tracking vulnerabilities and security advisories that affect gitea products.
Vulnios monitors gitea CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent gitea security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-20897 — gitea — gitea
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.
criticalCVE-2026-20897Critical Vulnerability: CVE-2026-20912 — gitea — gitea
Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different publi
criticalCVE-2026-20912
Track gitea exposure across your environment
Vulnios automatically cross-references your asset inventory against new gitea CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan