Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github github vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2021-32724
check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can se...
Check-spelling Check-spelling
1 Github repository
9.8
CVSSv3
CVE-2024-0200
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into a...
Github Enterprise Server
9.8
CVSSv3
CVE-2023-49569
A path traversal vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are us...
Go-git Project Go-git
1 Github repository
9.8
CVSSv3
CVE-2024-0321
Stack-based Buffer Overflow in GitHub repository gpac/gpac before 2.3-DEV.
Gpac Gpac
9.8
CVSSv3
CVE-2024-22051
CommonMarker versions before 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote malicious users to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing...
Github Cmark-gfm
Gjtorikian Commonmarker
9.8
CVSSv3
CVE-2023-51664
tj-actions/changed-files is a Github action to retrieve all files and directories. before 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an malicious user to execute arbitrary code and potentially leak secrets. This iss...
Tj-actions Changed-files
9.8
CVSSv3
CVE-2023-49291
tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run...
Tj-actions Branch-names
9.8
CVSSv3
CVE-2023-6126
Code Injection in GitHub repository salesagility/suitecrm before 7.14.2, 7.12.14, 8.4.2.
Salesagility Suitecrm 8.4.1
Salesagility Suitecrm 8.4.0
Salesagility Suitecrm 7.14.0
Salesagility Suitecrm
Salesagility Suitecrm 7.14.1
9.8
CVSSv3
CVE-2023-2675
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake before 2023.Q1.1223.
Linagora Twake
9.8
CVSSv3
CVE-2023-5865
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq before 3.2.2.
Phpmyfaq Phpmyfaq
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »