Gogs is a organization tracked across 13 threat clusters and 35 intelligence report mentions on ThreatCluster. First observed December 10, 2025; most recent activity July 1, 2026.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that government agencies secure their systems against a critical Gogs vulnerability, tracked as CVE-2025-8110. This remote code execution…
A zero-day vulnerability in Gogs, identified as CVE-2025-8110, is being actively exploited, allowing authenticated users to execute remote code. This flaw affects over 50% of public-facing Gogs instances, and as of now,…
An anonymous researcher known as Bikini has released exploit code for over a dozen zero-day vulnerabilities affecting 15 popular open-source projects, including the Linux kernel and Libssh2. The exploits were disclosed…
Gogs, a self-hosted Git service, has a vulnerability allowing path traversal in organization names. This flaw permits attackers to create nested Git repositories, leading to the potential for Remote Code Execution (RCE)…
A critical argument injection vulnerability (CWE-88) has been discovered in Gogs, a widely used self-hosted Git service, allowing authenticated users to execute arbitrary code on the server. The flaw, identified by…
Multiple critical vulnerabilities affecting Gogs and Jinjava have been disclosed, with severe impacts including remote code execution (RCE) and unauthorized file access. Gogs vulnerabilities include CVE-2025-64111…
Dutch police, in collaboration with the National Cyber Security Centre (NCSC), have dismantled a massive botnet comprising over 17 million infected devices. The operation involved seizing more than 200 servers located…
A critical vulnerability in Gogs allows attackers to silently overwrite large file storage objects, posing a significant risk to users relying on this platform. The flaw could lead to unauthorized data manipulation…
Gogs, an open source self-hosted Git service, has two critical vulnerabilities prior to version 0.14.2. CVE-2026-26276 allows attackers to execute a DOM-Based XSS via malicious HTML/JavaScript in Milestone names, while…
A zero-day vulnerability in Gogs, a self-hosted Git service, is being actively exploited, affecting over 700 instances. Discovered by Wiz Research during a malware investigation, the vulnerability allows authenticated…