products / gitea
Gitea
Gitea is a lightweight, self-hosted Git platform written in Go. NVD tracks the application as gitea:gitea with enough historical CVE records to pass Attestd eligibility (live scripts/test_nvd.py verification).
api usage
Querying Gitea
product slug
giteaversion format
1.16.2, 1.21.0bash
curl "https://api.attestd.io/v1/check?product=gitea&version=1.16.2" \
-H "Authorization: Bearer $ATTESTD_KEY"Example line with multiple XSS and authorization issues from the 1.16.x era. Exact risk_state depends on NVD range aggregation for your semver.
json
{
"product": "gitea",
"version": "1.16.2",
"supported": true,
"risk_state": "high",
"risk_factors": ["cross_site_scripting", "patch_available"],
"actively_exploited": false,
"remote_exploitable": true,
"authentication_required": true,
"patch_available": true,
"confidence": 0.85,
"cve_ids": ["CVE-2022-27313", "CVE-2022-30781"],
"last_updated": "2026-05-11T00:00:00Z"
}newer line
1.22.3 is a representative newer release for a spot check after patches.
bash
curl "https://api.attestd.io/v1/check?product=gitea&version=1.22.3" \
-H "Authorization: Bearer $ATTESTD_KEY"notable cves
CVE history
| CVE | Description | CVSS |
|---|---|---|
CVE-2022-27313 | Open redirect via repository migration. | 7.5 |
CVE-2022-30781 | Session fixation / cookie scope issue. | 8.1 |
CVE-2018-18926 | Remote code execution (historical, pre-1.5.4). | 9.8 |
related