CVE-2025-64719: Gogs has a Denial of Service in repository/wiki file listing web pages

June 22, 2026

A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki.

References

github.com/advisories/GHSA-3qq3-668m-v9mj
github.com/gogs/gogs/commit/ae41bab5f28e4880edcef01c91d2cbb8839ec9e4
github.com/gogs/gogs/pull/8116
github.com/gogs/gogs/releases/tag/v0.14.3
github.com/gogs/gogs/security/advisories/GHSA-3qq3-668m-v9mj
nvd.nist.gov/vuln/detail/CVE-2025-64719

Code Behaviors & Features

Detect and mitigate CVE-2025-64719 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →