GitHub Latest Vulnerabilities

December 4

Security Vulnerability in GitHub CLI Could Allow File Tampering

CVE-2024-54132
GitHub

November 27

GitHub CLI Vulnerability Leaks Authentication Tokens

CVE-2024-53858
GitHub

November 14

GitHub CLI vulnerable to Remote Code Execution through Malicious SSH Server

CVE-2024-52308
GitHub | CLI | CVSS 9.6 CRITICAL

November 7

Privilege management vulnerability in GitHub Enterprise Server allowed GitHub Apps to grant themselves write access

CVE-2024-8810
GitHub | Enterprise Server

Internal Access to Sensitive Data via Personal Access Tokens

CVE-2024-10824
GitHub | Enterprise Server

GitHub Enterprise Server Path Collision Vulnerability

CVE-2024-10007
GitHub | Enterprise Server

October 11

GitHub Enterprise Server Vulnerability: Information Disclosure through Phishing

CVE-2024-9539
GitHub | Enterprise Server | CVSS 4.3 MEDIUM

October 10

Unauthorized Provisioning of Users and Access via SAML SSO Authentication Vulnerability

CVE-2024-9487
GitHub | Enterprise Server | CVSS 9.1 CRITICAL

September 23

XSS Vulnerability in GitHub Enterprise Server Requires Immediate Action

CVE-2024-8770
GitHub | Enterprise Server | CVSS 6.1 MEDIUM

Nested Tag Vulnerability Affects All Versions of GitHub Enterprise Server

CVE-2024-8263
GitHub | Enterprise Server | CVSS 2.7 LOW

August 20

GitHub Enterprise Server XML Signature Wrapping Vulnerability

CVE-2024-6800
GitHub | Enterprise Server | CVSS 9.8 CRITICAL

Incorrect Authorization allows read access to issues in GitHub Enterprise Server

CVE-2024-6337
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

CVE-2024-7711
GitHub | Enterprise Server | CVSS 4.3 MEDIUM

July 16

Improper authorization allows persistent access in GitHub Enterprise Server

CVE-2024-5816
GitHub | Enterprise Server | CVSS 5.3 MEDIUM

CVE-2024-5795
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

Security misconfiguration in GitHub Enterprise Server allowed sensitive data exposure

CVE-2024-6336
GitHub | Enterprise Server | CVSS 5.3 MEDIUM

CVE-2024-6395
GitHub | Enterprise Server | CVSS 5.3 MEDIUM

Cross-site request forgery in GitHub Enterprise Server allowed writes to a user-owned repository

CVE-2024-5815
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

CVE-2024-5566
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

Improper authorization allows read access to issue content in GitHub Enterprise Server

CVE-2024-5817
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

July 10

Database Path Traversal Vulnerability Discovered in Stationai/devika GitHub Repository

CVE-2024-6433
GitHub

June 20

CVE-2024-5746
GitHub | Enterprise Server | CVSS 7.6 HIGH

May 20

Authentication Bypass Vulnerability in GitHub Enterprise Server via SAML Single Sign-On

CVE-2024-4985
GitHub | Enterprise Server

April 19

Race Condition in GitHub Enterprise Server Allows Existing Admin to Maintain Permissions on Detached Repository

CVE-2024-2440
GitHub | Enterprise Server | CVSS 5.5 MEDIUM

Command injection vulnerability in GitHub Enterprise Server allowed privilege escalation in the Management Console

CVE-2024-3646
GitHub | Enterprise Server | CVSS 8.0 HIGH

March 21

Improper Privilege Management Vulnerability Affects GitHub Enterprise Server

CVE-2024-1908
GitHub | Enterprise Server | CVSS 6.3 MEDIUM

March 20

Improper input validation vulnerability in GitHub Enterprise Server allowed privilege escalation in the Management Console

CVE-2024-2443
GitHub | Enterprise Server | CVSS 9.1 CRITICAL

Remote Code Execution Vulnerability Affects GitHub Enterprise Server

CVE-2024-2469
GitHub | Enterprise Server | CVSS 8.0 HIGH

February 22

CodeQL CLI Vulnerable to XML External Entity Attack

CVE-2024-25129
GitHub | codeql-cli-binaries | CVSS 2.7 LOW

February 14

Incorrect Authorization Vulnerability in GitHub Enterprise Server Allows Arbitrary Actions with GITHUB_TOKEN

CVE-2024-1482
GitHub | Enterprise Server | CVSS 7.1 HIGH

February 13

Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access

CVE-2024-1378
GitHub | Enterprise Server | CVSS 9.1 CRITICAL

Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access

CVE-2024-1374
GitHub | Enterprise Server | CVSS 9.1 CRITICAL

Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access

CVE-2024-1372
GitHub | Enterprise Server | CVSS 9.1 CRITICAL

Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access

CVE-2024-1369
GitHub | Enterprise Server | CVSS 9.1 CRITICAL

Command Injection Vulnerability in GitHub Enterprise Server Could Lead to Admin SSH Access

CVE-2024-1359
GitHub | Enterprise Server | CVSS 9.1 CRITICAL

GitHub Enterprise Server Command Injection Vulnerability

CVE-2024-1355
GitHub | Enterprise Server | CVSS 9.1 CRITICAL

GitHub Enterprise Server Command Injection Vulnerability

CVE-2024-1354
GitHub | Enterprise Server | CVSS 8.0 HIGH

GitHub Enterprise Server Path Traversal Vulnerability

CVE-2024-1082
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

Cross-site Scripting Vulnerability in Tag Name Pattern Field Affects GitHub Enterprise Server

CVE-2024-1084
GitHub | Enterprise Server | CVSS 6.1 MEDIUM

January 16

CVE-2023-51381
GitHub | Enterprise Server | CVSS 3.7 LOW

Command injection vulnerability in GitHub Enterprise Server allows an attacker to escalate privileges

CVE-2024-0507
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

Unsafe Reflection Vulnerability in GitHub Enterprise Server Could Lead to Remote Code Execution

CVE-2024-0200
GitHub | Enterprise Server | CVSS 7.2 HIGH

December 21

Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site

CVE-2023-46645
GitHub | Enterprise Server | CVSS 6.8 MEDIUM

Race Condition allows Administrative Access on Organization Repositories

CVE-2023-46649
GitHub | Enterprise Server | CVSS 6.3 MEDIUM

Incorrect Authorization Vulnerability Affects GitHub Enterprise Server

CVE-2023-51379
GitHub | Enterprise Server | CVSS 4.9 MEDIUM

Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server

CVE-2023-51380
GitHub | Enterprise Server | CVSS 4.3 MEDIUM

Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation

CVE-2023-46647
GitHub | Enterprise Server | CVSS 8.0 HIGH

CVE-2023-6690
GitHub | Enterprise Server | CVSS 3.9 LOW

Sensitive Information in Log File in GitHub Enterprise Server

CVE-2023-6746
GitHub | Enterprise Server | CVSS 5.7 MEDIUM

Sensitive Information in Log File in GitHub Enterprise Server

CVE-2023-6802
GitHub | Enterprise Server | CVSS 7.2 HIGH

Improper Privilege Management allows for arbitrary workflows to be run

CVE-2023-6804
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data

CVE-2023-6847
GitHub | Enterprise Server | CVSS 7.5 HIGH

Race Condition allows Unauthorized Outside Collaborator

CVE-2023-6803
GitHub | Enterprise Server | CVSS 5.8 MEDIUM

Insufficient Entropy in GitHub Enterprise Server Management Console Invitation Token

CVE-2023-46648
GitHub | Enterprise Server | CVSS 8.3 HIGH

CVE-2023-46646
GitHub | Enterprise Server | CVSS 5.3 MEDIUM

September 22

Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

CVE-2023-23766
GitHub | Enterprise Server | CVSS 4.5 MEDIUM

September 1

Information disclosure in GitHub Enterprise Server leading to private repository leakage

CVE-2023-23763
GitHub | Enterprise Server | CVSS 5.3 MEDIUM

August 30

Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

CVE-2023-23765
GitHub | Enterprise Server | CVSS 4.8 MEDIUM

July 27

Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

CVE-2023-23764
GitHub | Enterprise Server | CVSS 4.8 MEDIUM

July 13

Quadratic complexity bugs may lead to a denial of service

CVE-2023-37463
GitHub | cmark-gfm | CVSS 6.4 MEDIUM

April 7

Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

CVE-2023-23762
GitHub | Enterprise Server | CVSS 5.3 MEDIUM

Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists

CVE-2023-23761
GitHub | Enterprise Server | CVSS 5.3 MEDIUM

March 31

Quadratic complexity may lead to a denial of service in cmark-gfm

CVE-2023-26485
GitHub | cmark-gfm | CVSS 7.5 HIGH

Quadratic complexity may lead to a denial of service in cmark-gfm

CVE-2023-24824
GitHub | cmark-gfm | CVSS 7.5 HIGH

March 8

Path traversal in GitHub Enterprise Server leading to remote code execution

CVE-2023-23760
GitHub | Enterprise Server | CVSS 8.8 HIGH

March 7

Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names

CVE-2022-46257
GitHub | Enterprise Server | CVSS 4.3 MEDIUM

March 2

Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions

CVE-2023-22381
GitHub | Enterprise Server | CVSS 8.8 HIGH

February 16

Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site

CVE-2023-22380
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

January 26

cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service

CVE-2023-22486
GitHub | cmark-gfm | CVSS 7.5 HIGH

January 24

cmark-gfm out-of-bounds read in validate_protocol

CVE-2023-22485
GitHub | cmark-gfm | CVSS 5.3 MEDIUM

January 23

cmark-gfm Quadratic complexity bug in handle_pointy_brace may lead to a denial of service

CVE-2023-22484
GitHub | cmark-gfm | CVSS 7.5 HIGH

cmark-gfm Quadratic complexity bugs may lead to a denial of service

CVE-2023-22483
GitHub | cmark-gfm | CVSS 7.5 HIGH

January 17

Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens

CVE-2022-23739
GitHub | Enterprise Server | CVSS 9.8 CRITICAL

January 9

Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope

CVE-2022-46258
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

December 14

Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages

CVE-2022-46256
GitHub | Enterprise Server | CVSS 8.8 HIGH

Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access

CVE-2022-23741
GitHub | Enterprise Server | CVSS 7.2 HIGH

Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE

CVE-2022-46255
GitHub | Enterprise Server | CVSS 9.8 CRITICAL

December 1

Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion

CVE-2022-23737
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

November 23

Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution

CVE-2022-23740
GitHub | Enterprise Server | CVSS 8.8 HIGH

November 1

Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files

CVE-2022-23738
GitHub | Enterprise Server | CVSS 5.7 MEDIUM

October 19

Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution

CVE-2022-23734
GitHub | Enterprise Server | CVSS 8.8 HIGH

September 15

Uncontrolled Resource Consumption in cmark-gfm

CVE-2022-39209
GitHub | cmark-gfm | CVSS 7.5 HIGH

August 2

Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes

CVE-2022-23733
GitHub | Enterprise Server | CVSS 5.4 MEDIUM

June 9

Use of Uninitialized Variable in trilogy

CVE-2022-31026
GitHub | trilogy | CVSS 5.9 MEDIUM

April 5

Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections

CVE-2022-23732
GitHub | Enterprise Server | CVSS 8.8 HIGH

March 3

Integer overflow in table parsing extension leads to heap memory corruption

CVE-2022-24724
GitHub | cmark-gfm | CVSS 8.8 HIGH

March 2

Cross-site Scripting in view_component

CVE-2022-24722
GitHub | view_component | CVSS 8.1 HIGH

February 18

Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution

CVE-2021-41599
GitHub | Enterprise Server | CVSS 8.8 HIGH

February 1

Command injection in gh-ost

CVE-2022-21687
GitHub | gh-ost | CVSS 6.8 MEDIUM

January 25

UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user

CVE-2021-41598
GitHub | Enterprise Server | CVSS 8.8 HIGH

November 10

Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access

CVE-2021-22870
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

September 24

Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server

CVE-2021-22868
GitHub | Enterprise Server | CVSS 4.3 MEDIUM

Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group

CVE-2021-22869
GitHub | Enterprise Server | CVSS 9.8 CRITICAL

August 12

Clipboard-based DOM-XSS

CVE-2021-37700
GitHub | paste-markdown | CVSS 6.5 MEDIUM

July 14

Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server

CVE-2021-22867
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

May 25

CodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecated

CVE-2021-32638
GitHub | codeql-action | CVSS 4.4 MEDIUM

May 14

UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources

CVE-2021-22866
GitHub | Enterprise Server | CVSS 8.8 HIGH

April 2

Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata

CVE-2021-22865
GitHub | Enterprise Server | CVSS 6.5 MEDIUM

March 23

Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

CVE-2021-22864
GitHub | Enterprise Server | CVSS 8.8 HIGH

March 3

Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests

CVE-2021-22863
GitHub | Enterprise Server | CVSS 8.1 HIGH
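A feed like the one above is only useful if it can be turned into a patch queue. The following is an added triage helper, not code from this page or from GitHub: it parses entries written as a title, a CVE identifier and a "Vendor | Product | CVSS score SEVERITY" line (the layout used for this listing; entries without a title or score, as several above, are handled), re-derives the qualitative rating from the numeric score using the CVSS v3.x rating scale (0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical) to catch feeds whose label and score disagree, and returns the entries at or above a chosen threshold. The sample feed is constructed from a few of the entries listed above; the function names and the threshold are this example's own choices.

```python
"""Triage helper for a plain-text vulnerability feed (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of entries transcribed from the listing above,
# including one dated entry with no title and one entry with no CVSS score.
SAMPLE_FEED = """\
GitHub CLI vulnerable to Remote Code Execution through Malicious SSH Server

CVE-2024-52308
GitHub | CLI | CVSS 9.6 CRITICAL

June 20

CVE-2024-5746
GitHub | Enterprise Server | CVSS 7.6 HIGH

Nested Tag Vulnerability Affects All Versions of GitHub Enterprise Server

CVE-2024-8263
GitHub | Enterprise Server | CVSS 2.7 LOW

Security Vulnerability in GitHub CLI Could Allow File Tampering

CVE-2024-54132
GitHub
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
DATE_RE = re.compile(r"^(January|February|March|April|May|June|July|August|"
                     r"September|October|November|December) \d{1,2}$")
PRODUCT_RE = re.compile(
    r"^(?P<vendor>[^|]+)\|(?P<product>[^|]+)"
    r"(?:\|\s*CVSS\s+(?P<score>\d+(?:\.\d)?)\s+(?P<sev>NONE|LOW|MEDIUM|HIGH|CRITICAL))?\s*$"
)


@dataclass
class Entry:
    cve: str
    title: Optional[str]
    vendor: str
    product: Optional[str]
    score: Optional[float]
    severity: Optional[str]


def cvss3_severity(score: float) -> str:
    """Qualitative rating for a CVSS v3.x base score (FIRST rating scale)."""
    if score == 0.0:
        return "NONE"
    if score <= 3.9:
        return "LOW"
    if score <= 6.9:
        return "MEDIUM"
    if score <= 8.9:
        return "HIGH"
    return "CRITICAL"


def parse_feed(text: str) -> List[Entry]:
    """Walk the feed line by line; a CVE line claims the product line after it
    and the most recent non-date, non-blank line before it as its title."""
    lines = [line.strip() for line in text.splitlines()]
    entries: List[Entry] = []
    title: Optional[str] = None
    i = 0
    while i < len(lines):
        line = lines[i]
        if not line or DATE_RE.match(line):
            i += 1
            continue
        if CVE_RE.match(line):
            vendor, product, score, sev = "", None, None, None
            if i + 1 < len(lines) and lines[i + 1]:
                m = PRODUCT_RE.match(lines[i + 1])
                if m:
                    vendor, product = m["vendor"].strip(), m["product"].strip()
                    if m["score"]:
                        score, sev = float(m["score"]), m["sev"]
                else:
                    vendor = lines[i + 1]  # bare vendor line, no product or score
                i += 1
            entries.append(Entry(line, title, vendor, product, score, sev))
            title = None
        else:
            title = line
        i += 1
    return entries


def inconsistent_severities(entries: List[Entry]) -> List[str]:
    """CVE ids whose printed label disagrees with the rating derived from the score."""
    return [e.cve for e in entries
            if e.score is not None and cvss3_severity(e.score) != e.severity]


def needs_patch(entries: List[Entry], threshold: float = 7.0) -> List[Entry]:
    """Scored entries at or above the threshold, highest score first."""
    scored = [e for e in entries if e.score is not None and e.score >= threshold]
    return sorted(scored, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for e in needs_patch(feed):
        print(f"{e.cve}: {e.vendor} {e.product} {e.score} ({e.title or 'untitled'})")
    print("label/score mismatches:", inconsistent_severities(feed))
```

Unscored entries (the GitHub CLI file-tampering item in the sample) never make the patch queue, which is the failure mode to watch for in a feed like this: a missing score is not a low score, and those entries need a manual look.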