CVE-2025-13744 Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML

🗓️ 06 Jan 2026 20:44:02Reported by GitHub_PType

CVE-2025-13744 in GitHub Enterprise Server lets malicious HTML in filter search exfiltrate data.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-13744	6 Jan 202621:59	–	circl
CNNVD	GitHub Enterprise Server 安全漏洞	6 Jan 202600:00	–	cnnvd
CVE	CVE-2025-13744	6 Jan 202620:44	–	cve
EUVD	EUVD-2026-0959	6 Jan 202620:44	–	euvd
NVD	CVE-2025-13744	6 Jan 202621:15	–	nvd
OSV	CVE-2025-13744	6 Jan 202621:15	–	osv
Positive Technologies	PT-2026-1508	6 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-13744	8 Jan 202603:14	–	redhatcve
Vulnrichment	CVE-2025-13744 Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML	6 Jan 202620:44	–	vulnrichment

[
  {
    "defaultStatus": "affected",
    "product": "Enterprise Server",
    "vendor": "GitHub",
    "versions": [
      {
        "changes": [
          {
            "at": "3.14.20",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.14.19",
        "status": "affected",
        "version": "3.14.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.15.15",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.15.14",
        "status": "affected",
        "version": "3.15.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.16.11",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.16.10",
        "status": "affected",
        "version": "3.16.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.17.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.17.7",
        "status": "affected",
        "version": "3.17.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.18.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.18.1",
        "status": "affected",
        "version": "3.18.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "3.19.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.19.0",
        "status": "affected",
        "version": "3.19",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes
docs	www.docs.github.com/en/[email protected]/admin/release-notes

06 Jan 2026 20:44Current

CVSS 48.4

EPSS0.00182

CWE-79