Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-f85h-c7m6-cfpm: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries

Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

ghsa
Open in Source
#git#intel

Skip to content

Navigation Menu

    • AI CODE CREATION

      • GitHub CopilotWrite better code with AI

      • GitHub SparkBuild and deploy intelligent apps

      • GitHub ModelsManage and compare prompts

      • MCP RegistryNewIntegrate external tools

View all features
  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-68944

Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries

Moderate severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

Package

gomod code.gitea.io/gitea (Go)

Affected versions

< 1.22.2

Description

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

EPSS score

ghsa: Latest News

GHSA-rcfx-77hg-w2wv: FastMCP updated to MCP 1.23+ due to CVE-2025-66416
ghsa