Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6847
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured i...
Github Enterprise Server
Github Enterprise Server 3.11.0
4.3
CVSSv2
CVE-2020-23986
Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 exists to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.
Github Readme Stats Project Github Readme Stats 1.0
NA
CVE-2019-25084
A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgradi...
Hide Files On Github Project Hide Files On Github
4.3
CVSSv2
CVE-2022-24722
VIewComponent is a framework for building view components in Ruby on Rails. Versions before 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and pass...
Github Viewcomponent
NA
CVE-2022-39321
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these d...
Github Runner
NA
CVE-2023-46650
Jenkins GitHub Plugin 1.37.3 and previous versions does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Github
4
CVSSv2
CVE-2018-1000183
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m...
Jenkins Github
NA
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...
Github Toolkit
3.6
CVSSv2
CVE-2014-0177
The am function in lib/hub/commands.rb in hub prior to 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
Github Hub
NA
CVE-2022-36885
Jenkins GitHub Plugin 1.34.4 and previous versions uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing malicious users to use statistical methods to obtain a valid webhook signature.
Jenkins Github
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »