Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github github vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-22862
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed th...
Github Github 3.0.0
4.3
CVSSv2
CVE-2021-34364
The Refined GitHub browser extension prior to 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns.
Refined-github Project Refined-github
7.5
CVSSv2
CVE-2021-44684
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.
Github-todos Project Github-todos
4.3
CVSSv2
CVE-2021-33961
A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-github v5.0.11 via the file name parameter.
Enhanced-github Project Enhanced-github 5.0.11
NA
CVE-2023-46648
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an malicious user to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pendi...
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2022-23739
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level...
Github Enterprise Server 3.7.0
Github Enterprise Server
NA
CVE-2023-6802
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an malicious user to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterpri...
Github Enterprise Server
Github Enterprise Server 3.11.0
2 Github repositories
NA
CVE-2023-6803
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2023-6804
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed...
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2023-6847
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured i...
Github Enterprise Server
Github Enterprise Server 3.11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »