Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2023-46649
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versi...
Github Enterprise Server
Github Enterprise Server 3.11.0
6.1
CVSSv3
CVE-2020-23986
Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 exists to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.
Github Readme Stats Project Github Readme Stats 1.0
6.1
CVSSv3
CVE-2019-25084
A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgradi...
Hide Files On Github Project Hide Files On Github
5.4
CVSSv3
CVE-2018-1000184
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Jenkins Github
5.3
CVSSv3
CVE-2022-36885
Jenkins GitHub Plugin 1.34.4 and previous versions uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing malicious users to use statistical methods to obtain a valid webhook signature.
Jenkins Github
6.1
CVSSv3
CVE-2022-24722
VIewComponent is a framework for building view components in Ruby on Rails. Versions before 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and pass...
Github Viewcomponent
5
CVSSv3
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...
Github Toolkit
6.5
CVSSv3
CVE-2018-1000183
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m...
Jenkins Github
8.8
CVSSv3
CVE-2018-1000600
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and previous versions in GitHubTokenCredentialsCreator.java that allows malicious users to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ...
Jenkins Github
5.4
CVSSv3
CVE-2023-46650
Jenkins GitHub Plugin 1.37.3 and previous versions does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Github
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »