Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github github vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-23766
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of...
Github Enterprise Server 3.10.0
Github Enterprise Server
6.1
CVSSv3
CVE-2020-23986
Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 exists to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.
Github Readme Stats Project Github Readme Stats 1.0
6.1
CVSSv3
CVE-2019-25084
A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgradi...
Hide Files On Github Project Hide Files On Github
5
CVSSv3
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...
Github Toolkit
6.5
CVSSv3
CVE-2018-1000183
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m...
Jenkins Github
5.3
CVSSv3
CVE-2022-36885
Jenkins GitHub Plugin 1.34.4 and previous versions uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing malicious users to use statistical methods to obtain a valid webhook signature.
Jenkins Github
5.4
CVSSv3
CVE-2018-1000184
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Jenkins Github
5.4
CVSSv3
CVE-2023-46650
Jenkins GitHub Plugin 1.37.3 and previous versions does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Github
8.8
CVSSv3
CVE-2018-1000600
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and previous versions in GitHubTokenCredentialsCreator.java that allows malicious users to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ...
Jenkins Github
NA
CVE-2014-0177
The am function in lib/hub/commands.rb in hub prior to 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
Github Hub
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »