github.com/go-gitea/gitea/models is a community managed fork of Gogs, lightweight code hosting solution written in Go.
Affected versions of this package are vulnerable to Information Exposure of users private email addresses. A malicious user may watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private.
github.com/go-gitea/gitea/models to version 1.5.1 or higher.
Do your applications use this vulnerable package?