Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-22862
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed th...
Github Github 3.0.0
383
VMScore
CVE-2021-34364
The Refined GitHub browser extension prior to 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns.
Refined-github Project Refined-github
668
VMScore
CVE-2021-44684
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.
Github-todos Project Github-todos
383
VMScore
CVE-2021-33961
A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-github v5.0.11 via the file name parameter.
Enhanced-github Project Enhanced-github 5.0.11
NA
CVE-2023-46648
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an malicious user to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pendi...
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2023-46649
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versi...
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2023-6690
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and abov...
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2023-6746
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would...
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2023-6802
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an malicious user to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterpri...
Github Enterprise Server
Github Enterprise Server 3.11.0
2 Github repositories
NA
CVE-2023-6803
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Github Enterprise Server
Github Enterprise Server 3.11.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »