EUVD-2026-28461

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

CVE-2026-7541 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...

CVE-2026-7541 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...

CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

PT-2026-36888

Name of the Vulnerable Software and Affected Versions Detect-It-Easy versions prior to 3.21 Description Insufficient path normalization during archive extraction allows attackers to write arbitrary files to the filesystem. By crafting malicious archive entries using absolute paths or relative...

CVE-2026-5921

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

CVE-2026-3307

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

CVE-2026-4821

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

PT-2026-34209

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An incorrect regular expression allows an attacker to bypass OAuth redirect URI validation. An attacker aware of a first-party OAuth application's registered callback URL can create a...

MiracleLinux 7 : nspr-4.11.0-1.el7, nss-softokn-3.16.2.3-14.2.el7, nss-3.21.0-9.el7, nss-util-3.21.0-2.2.el7 (AXSA:2016-217:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-217:01 advisory. nspr NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal fi...

EUVD-2025-197960

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...

EUVD-2016-9478

Malware in sbrugna...

EUVD-2017-9054

Malware in sbrugna...

EUVD-2017-9114

Malware in sbrugna...

EUVD-1999-1451

Malware in sbrugna...

EUVD-2016-3027

Malware in sbrugna...

CVE-2017-17911

packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503...

OPENSUSE-SU-2024:11077-1 nbd-3.21-1.7 on GA media

These are all security issues fixed in the nbd-3.21-1.7 package on the GA media of openSUSE Tumbleweed...

net.enilink.komma:net.enilink.komma.common.ui.rcp (>=1.4.0 <=1.7.4), net.enilink.komma:net.enilink.komma.edit.ui.feature (>=1.4.2 <=1.7.4) +69 more potentially affected by CVE-2023-4218 via org.eclipse.platform:org.eclipse.ui.ide (>=3.13.0 <=3.21.0)

org.eclipse.platform:org.eclipse.ui.ide MAVEN version =3.13.0, =1.4.0, =1.4.2, =1.4.0, =1.4.2, =1.4.0, =1.3.2, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.2.0 and more Source cves: CVE-2023-4218 Source advisory: OSV:GHSA-J24H-XCPC-9JW8...