Red Hat Pagure
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Pagure. Last year, in 2025, Pagure had 2 security vulnerabilities published. Right now, Pagure is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 6.80 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.10 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Pagure vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Pagure Security Vulnerabilities
Dir traversal CVE-2024-4982 in Pagure server leaks secrets via crafted git repo
CVE-2024-4982
6.5 - Medium
- May 12, 2025
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository, they could discover secrets on the server.
Pagure Symlink Path Traversal in Git Repo Uploads
CVE-2024-4981
7.1 - High
- May 12, 2025
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.
Pagure before 5.6 allows XSS
CVE-2019-11556
6.1 - Medium
- September 25, 2020
Pagure before 5.6 allows XSS via the templates/blame.html blame view.
XSS
Pagure 5.2 leaks API keys by e-mailing them to users
CVE-2019-7628
- February 08, 2019
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)
Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization
CVE-2017-1002151
7.5 - High
- September 14, 2017
Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization
AuthZ
Pagure 2.2.1 XSS in raw file endpoint
CVE-2016-1000007
6.1 - Medium
- October 07, 2016
Pagure 2.2.1 XSS in raw file endpoint
XSS