Github Latest Vulnerabilities
October 11
GitHub Enterprise Server Vulnerability: Information Disclosure through Phishing
CVE-2024-9539
GithubGithub Enterprise Server
October 10
Unauthorized Provisioning of Users and Access via SAML SSO Authentication Vulnerability
CVE-2024-9487
GithubEnterprise Server😄
September 23
Nested Tag Vulnerability Affects All Versions of GitHub Enterprise Server
CVE-2024-8263
GitHubEnterprise Server2.7LOW
XSS Vulnerability in GitHub Enterprise Server Requires Immediate Action
CVE-2024-8770
GitHubEnterprise Server6.1MEDIUM
August 20
CVE-2024-7711
GithubEnterprise Server4.3MEDIUM
GitHub Enterprise Server XML Signature Wrapping Vulnerability
CVE-2024-6800
GithubGithub Enterprise Server9.8CRITICAL
Incorrect Authorization allows read access to issues in GitHub Enterprise Server
CVE-2024-6337
GithubGithub Enterprise Server6.5MEDIUM
July 16
CVE-2024-6395
GithubEnterprise Server5.3MEDIUM
Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository
CVE-2024-5815
GithubGithub Enterprise Server6.5MEDIUM
CVE-2024-5795
GithubEnterprise Server6.5MEDIUM
CVE-2024-5566
GithubEnterprise Server6.5MEDIUM
Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure
CVE-2024-6336
GithubGithub Enterprise Server5.3MEDIUM
Improper authorization allows read access to issue content in GitHub Enterprise Server
CVE-2024-5817
GithubGithub Enterprise Server6.5MEDIUM
Improper authorization allows persistent access in GitHub Enterprise Server
CVE-2024-5816
GithubGithub Enterprise Server5.3MEDIUM
July 10
Database Path Traversal Vulnerability Discovered in Stationai/devika GitHub Repository
CVE-2024-6433
GitHub
June 20
CVE-2024-5746
GithubGithub Enterprise Server7.6HIGH
May 20
Authentication Bypass Vulnerability in GitHub Enterprise Server via SAML Single Sign-On
CVE-2024-4985
GitHub😄👾
April 19
Race Condition in GitHub Enterprise Server Allows Existing Admin to Maintain Permissions on Detached Repository
CVE-2024-2440
GithubEnterprise Server5.5MEDIUM
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-3646
GithubEnterprise Server8HIGH
March 21
Improper Privilege Management Vulnerability Affects GitHub Enterprise Server
CVE-2024-1908
GithubEnterprise Server6.3MEDIUM
March 20
Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
CVE-2024-2443
GithubGithub Enterprise Server9.1CRITICAL
Remote Code Execution Vulnerability Affects GitHub Enterprise Server
CVE-2024-2469
GithubEnterprise Server8HIGH
February 22
CodeQL CLI Vulnerable to XML External Entity Attack
CVE-2024-25129
GithubCodeql-cli-binaries2.7LOW
February 14
Incorrect Authorization Vulnerability in GitHub Enterprise Server Allows Arbitrary Actions with GITHUB_TOKEN
CVE-2024-1482
GitHubEnterprise Server7.1HIGH
February 13
Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access
CVE-2024-1378
GithubEnterprise Server9.1CRITICAL
Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access
CVE-2024-1374
GithubEnterprise Server9.1CRITICAL
Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access
CVE-2024-1372
GithubEnterprise Server9.1CRITICAL
Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access
CVE-2024-1369
GithubEnterprise Server9.1CRITICAL
Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access
CVE-2024-1359
GithubEnterprise Server9.1CRITICAL
GitHub Enterprise Server Command Injection Vulnerability
CVE-2024-1355
GithubEnterprise Server9.1CRITICAL
GitHub Enterprise Server Command Injection Vulnerability
CVE-2024-1354
GithubEnterprise Server8HIGH
GitHub Enterprise Server Path Traversal Vulnerability
CVE-2024-1082
GithubEnterprise Server6.5MEDIUM
Cross-site Scripting Vulnerability in Tag Name Pattern Field Affects GitHub Enterprise Server
CVE-2024-1084
GitHubEnterprise Server6.1MEDIUM
January 16
CVE-2023-51381
GitHubEnterprise Server3.7LOW
Attacker can escalate privileges through Command Injection Vulnerability in GitHub Enterprise Server
CVE-2024-0507
GithubEnterprise Server6.5MEDIUM
Unsafe Reflection Vulnerability in GitHub Enterprise Server Could Lead to Remote Code Execution
CVE-2024-0200
GitHubEnterprise Server7.2HIGH
December 21
Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server
CVE-2023-51380
GithubEnterprise Server4.3MEDIUM
Incorrect Authorization Vulnerability Affects GitHub Enterprise Server
CVE-2023-51379
GitHubEnterprise Server4.9MEDIUM
Sensitive Information in Log File in GitHub Enterprise Server
CVE-2023-6746
GitHubEnterprise Server8.1HIGH
Race Condition allows Unauthorized Outside Collaborator
CVE-2023-6803
GitHubEnterprise Server5.8MEDIUM
Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation
CVE-2023-46647
GitHubEnterprise Server8HIGH
Race Condition allows Administrative Access on Organization Repositories
CVE-2023-46649
GitHubEnterprise Server6.3MEDIUM
Sensitive Information in Log File in GitHub Enterprise Server
CVE-2023-6802
GithubEnterprise Server7.2HIGH
CVE-2023-6690
GitHubEnterprise Server3.9LOW
Insufficient Entropy in GitHub Enterprise Server Management Console Invitation Token
CVE-2023-46648
GitHubEnterprise Server8.3HIGH
CVE-2023-46646
GitHubEnterprise Server5.3MEDIUM
Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site
CVE-2023-46645
GithubEnterprise Server6.8MEDIUM
Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data
CVE-2023-6847
GitHubEnterprise Server7.5HIGH
Improper Privilege Management allows for arbitrary workflows to be run
CVE-2023-6804
GitHubEnterprise Server6.5MEDIUM
September 22
Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
CVE-2023-23766
GithubEnterprise Server4.5MEDIUM
September 1
Information disclosure in GitHub Enterprise Server leading to private repository leakage
CVE-2023-23763
GithubEnterprise Server5.3MEDIUM
August 30
Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
CVE-2023-23765
GithubEnterprise Server4.8MEDIUM
July 27
Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
CVE-2023-23764
GithubEnterprise Server4.8MEDIUM
July 13
Quadratic complexity bugs may lead to a denial of service
CVE-2023-37463
GithubCmark-gfm6.4MEDIUM
April 7
Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
CVE-2023-23762
GitHubEnterprise Server5.3MEDIUM
Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists
CVE-2023-23761
GitHubEnterprise Server5.3MEDIUM
March 31
Quadratic complexity may lead to a denial of service in cmark-gfm
CVE-2023-24824
githubcmark-gfm7.5HIGH
Quadratic complexity may lead to a denial of service in cmark-gfm
CVE-2023-26485
githubcmark-gfm7.5HIGH
March 8
Path traversal in GitHub Enterprise Server leading to remote code execution
CVE-2023-23760
GitHubEnterprise Server8.8HIGH
March 7
Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names
CVE-2022-46257
GithubGithub Enterprise Server4.3MEDIUM
March 2
Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions
CVE-2023-22381
GitHubEnterprise Server8.8HIGH
February 16
Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site
CVE-2023-22380
GitHubGitHub Enterprise Server6.5MEDIUM
January 26
cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service
CVE-2023-22486
githubcmark-gfm7.5HIGH
January 24
cmark-gfm out-of-bounds read in validate_protocol
CVE-2023-22485
githubcmark-gfm5.3MEDIUM
January 23
cmark-gfm Quadratic complexity bugs may lead to a denial of service
CVE-2023-22483
githubcmark-gfm7.5HIGH
Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service
CVE-2023-22484
githubcmark-gfm7.5HIGH
January 17
Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens
CVE-2022-23739
GithubGithub Enterprise Server9.8CRITICAL
January 9
Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope
CVE-2022-46258
GithubGithub Enterprise Server6.5MEDIUM
December 14
Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE
CVE-2022-46255
GithubGithub Enterprise Server9.8CRITICAL
Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
CVE-2022-23741
GithubGithub Enterprise Server7.2HIGH
Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages
CVE-2022-46256
GithubGithub Enterprise Server8.8HIGH
December 1
Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion
CVE-2022-23737
GithubGithub Enterprise Server6.5MEDIUM
November 23
Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution
CVE-2022-23740
GithubGithub Enterprise Server8.8HIGH
November 1
Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files
CVE-2022-23738
GithubGithub Enterprise Server5.7MEDIUM
October 19
Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution
CVE-2022-23734
GithubGithub Enterprise Server8.8HIGH
September 15
Uncontrolled Resource Consumption in cmark-gfm
CVE-2022-39209
GithubCmark-gfm7.5HIGH
August 2
Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes
CVE-2022-23733
GithubGithub Enterprise Server5.4MEDIUM
June 9
Use of Uninitialized Variable in trilogy
CVE-2022-31026
GithubTrilogy5.9MEDIUM
April 5
Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections
CVE-2022-23732
GithubGithub Enterprise Server8.8HIGH
March 3
Integer overflow in table parsing extension leads to heap memory corruption
CVE-2022-24724
GithubCmark-gfm8.8HIGH
March 2
Cross-site Scripting in view_component
CVE-2022-24722
GithubView Component8.1HIGH
February 18
Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution
CVE-2021-41599
GithubGithub Enterprise Server8.8HIGH
February 1
Command injection in gh-ost
CVE-2022-21687
GithubGh-ost6.8MEDIUM
January 25
UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user
CVE-2021-41598
GithubGithub Enterprise Server8.8HIGH
November 10
Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access
CVE-2021-22870
GithubGithub Enterprise Server6.5MEDIUM
September 24
Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server
CVE-2021-22868
GithubGithub Enterprise Server4.3MEDIUM
Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group
CVE-2021-22869
GithubGithub Enterprise Server9.8CRITICAL
August 12
Clipboard-based DOM-XSS
CVE-2021-37700
GithubPaste-markdown6.5MEDIUM
July 14
Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server
CVE-2021-22867
GithubGithub Enterprise Server6.5MEDIUM
May 25
CodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecated
CVE-2021-32638
GithubCodeql-action4.4MEDIUM
May 14
UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources
CVE-2021-22866
GithubGithub Enterprise Server8.8HIGH
April 2
Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata
CVE-2021-22865
GithubGithub Enterprise Server6.5MEDIUM
March 23
Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server
CVE-2021-22864
GithubGithub Enterprise Server8.8HIGH
March 3
Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
CVE-2021-22863
GithubGithub Enterprise Server8.1HIGH
Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks
CVE-2021-22862
GithubGithub Enterprise Server6.5MEDIUM
Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server
CVE-2020-10519
GithubGithub Enterprise Server8.8HIGH
Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories
CVE-2021-22861
GithubGithub Enterprise Server6.5MEDIUM
August 27
Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names
CVE-2020-10517
GithubGithub Enterprise Server4.3MEDIUM
Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server
CVE-2020-10518
GithubGithub Enterprise Server8.8HIGH
July 1
Denial of service in table parsing in cmark-gfm
CVE-2020-5238
GithubCmark-gfm6.5MEDIUM