Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
github github enterprise vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-2055
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass...
Github Github Enterprise
9.8
CVSSv3
CVE-2020-10516
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub...
Github Github
9.8
CVSSv3
CVE-2017-18365
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source...
Github Github
Github Github 2.8.7
6.5
CVSSv3
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able...
Github Github
6.5
CVSSv3
CVE-2021-22862
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed...
Github Github 3.0.0
6.5
CVSSv3
CVE-2021-22867
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub...
Github Enterprise Server
8.8
CVSSv3
CVE-2020-10518
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to...
Github Github
1 Github repository available
8.8
CVSSv3
CVE-2020-10519
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to...
Github Github
4.3
CVSSv3
CVE-2020-10517
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any...
Github Github
8.1
CVSSv3
CVE-2021-22863
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this...
Github Github
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
arbitrary
CVE-2022-2257
CVE-2013-4585
CVE-2013-4493
CVE-2022-26134
brute force
SQL
CVE-2022-30333
CVE-2022-33327
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »
Vulmon