Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-263q-5cv3-xq9g: Gitea allows attackers to add attachments with forbidden file extensions

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

ghsa
Open in Source
#git#intel

Skip to content

Navigation Menu

    • AI CODE CREATION

      • GitHub CopilotWrite better code with AI

      • GitHub SparkBuild and deploy intelligent apps

      • GitHub ModelsManage and compare prompts

      • MCP RegistryNewIntegrate external tools

View all features
  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-68939

Gitea allows attackers to add attachments with forbidden file extensions

High severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

Package

gomod code.gitea.io/gitea (Go)

Affected versions

< 1.23.0

Description

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

EPSS score

ghsa: Latest News

GHSA-rcfx-77hg-w2wv: FastMCP updated to MCP 1.23+ due to CVE-2025-66416
ghsa