CVE-2025-13744

🗓️ 06 Jan 2026 20:44:02Reported by GitHub_PType

HTML rendering flaw enables exfiltration in GitHub Enterprise Server search; requires edit rights.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-13744	6 Jan 202621:59	–	circl
CNNVD	GitHub Enterprise Server 安全漏洞	6 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-13744 Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML	6 Jan 202620:44	–	cvelist
EUVD	EUVD-2026-0959	6 Jan 202620:44	–	euvd
NVD	CVE-2025-13744	6 Jan 202621:15	–	nvd
OSV	CVE-2025-13744	6 Jan 202621:15	–	osv
Positive Technologies	PT-2026-1508	6 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-13744	8 Jan 202603:14	–	redhatcve
Vulnrichment	CVE-2025-13744 Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML	6 Jan 202620:44	–	vulnrichment

NVD

Vulners

Node

github enterprise_serverRange3.14.0–3.14.20

github enterprise_serverRange3.15.0–3.15.15

github enterprise_serverRange3.16.0–3.16.11

github enterprise_serverRange3.17.0–3.17.8

github enterprise_serverRange3.18.0–3.18.2

github enterprise_serverMatch3.19.0

[
  {
    "defaultStatus": "affected",
    "product": "Enterprise Server",
    "vendor": "GitHub",
    "versions": [
      {
        "changes": [
          {
            "at": "3.14.20",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.14.19",
        "status": "affected",
        "version": "3.14.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.15.15",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.15.14",
        "status": "affected",
        "version": "3.15.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.16.11",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.16.10",
        "status": "affected",
        "version": "3.16.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.17.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.17.7",
        "status": "affected",
        "version": "3.17.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.18.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.18.1",
        "status": "affected",
        "version": "3.18.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.19.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.19.0",
        "status": "affected",
        "version": "3.19",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes

17 Jun 2026 08:34Current

6Medium risk

Vulners AI Score6

CVSS 3.15.4

CVSS 48.4

EPSS0.00182

SSVC

CWE-79