Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-pc73-rj2c-wvf9: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.

ghsa
Open in Source
#git#intel#auth

Skip to content

Navigation Menu

    • AI CODE CREATION

      • GitHub CopilotWrite better code with AI

      • GitHub SparkBuild and deploy intelligent apps

      • GitHub ModelsManage and compare prompts

      • MCP RegistryNewIntegrate external tools

View all features
  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-69413

Gitea’s /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists

Moderate severity GitHub Reviewed Published Jan 1, 2026 to the GitHub Advisory Database • Updated Jan 2, 2026

Package

gomod code.gitea.io/gitea (Go)

Affected versions

< 1.25.2

Description

Published to the GitHub Advisory Database

Jan 1, 2026

ghsa: Latest News

GHSA-5j4h-4f72-qpm6: Bagisto has Normal & Blind SSTI from low-privilege user when ordering product
ghsa