diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index e9606c88bfca..b27ebde8de18 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,36 @@
+  <vuln vid="eb437e17-66a1-11ef-ac08-75165d18d8d2">
+    <topic>forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.</topic>
+    <affects>
+      <package>
+	<name>forgejo</name>
+	<range><lt>8.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The forgejo team reports:</p>
+	<blockquote cite="https://codeberg.org/forgejo/forgejo/milestone/7728">
+        <p>The scope of application tokens was not verified when writing
+        containers or Conan packages.  This is of no consequence when the
+        user associated with the application token does not have write
+        access to packages.  If the user has write access to packages, such
+        a token can be used to write containers and Conan packages.  An
+        application token that was used to write containers or Conan
+        packages without the package:write scope will now fail with an
+        unauthorized error.  It must be re-created to include the
+        package:write scope.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <url>https://codeberg.org/forgejo/forgejo/pulls/5149</url>
+    </references>
+    <dates>
+      <discovery>2024-08-26</discovery>
+      <entry>2024-08-30</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="44de1b82-662d-11ef-a51b-b42e991fc52e">
     <topic>firefox -- multiple vulnerabilities</topic>
     <affects>
diff --git a/www/forgejo/Makefile b/www/forgejo/Makefile
index 73b04fb21880..214a695bbdf2 100644
--- a/www/forgejo/Makefile
+++ b/www/forgejo/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	forgejo
 DISTVERSIONPREFIX=	v
-DISTVERSION=	8.0.1
+DISTVERSION=	8.0.2
 CATEGORIES=	www
 MASTER_SITES=	https://codeberg.org/forgejo/forgejo/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/
 DISTNAME=	forgejo-src-${DISTVERSION}
diff --git a/www/forgejo/distinfo b/www/forgejo/distinfo
index b3e52147de09..029c0eec019a 100644
--- a/www/forgejo/distinfo
+++ b/www/forgejo/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1724586002
-SHA256 (forgejo-src-8.0.1.tar.gz) = 284b2cc2a609d1766bb61f20cea7c6a9e2a34a9972f243d4962df2a24d15204a
-SIZE (forgejo-src-8.0.1.tar.gz) = 53413049
+TIMESTAMP = 1725002785
+SHA256 (forgejo-src-8.0.2.tar.gz) = 36929dbc206753f80766ea59b35adaf3cb28ed53fc89ac8640271f8766673546
+SIZE (forgejo-src-8.0.2.tar.gz) = 53459258