Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-23739
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level...
Github Enterprise Server 3.7.0
Github Enterprise Server
6.1
CVSSv3
CVE-2020-23986
Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 exists to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.
Github Readme Stats Project Github Readme Stats 1.0
6.1
CVSSv3
CVE-2019-25084
A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgradi...
Hide Files On Github Project Hide Files On Github
6.1
CVSSv3
CVE-2022-24722
VIewComponent is a framework for building view components in Ruby on Rails. Versions before 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and pass...
Github Viewcomponent
NA
CVE-2014-0177
The am function in lib/hub/commands.rb in hub prior to 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
Github Hub
5
CVSSv3
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...
Github Toolkit
9.9
CVSSv3
CVE-2022-39321
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these d...
Github Runner
6.5
CVSSv3
CVE-2018-1000183
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m...
Jenkins Github
5.4
CVSSv3
CVE-2018-1000184
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Jenkins Github
8.8
CVSSv3
CVE-2018-1000600
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and previous versions in GitHubTokenCredentialsCreator.java that allows malicious users to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ...
Jenkins Github
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »