CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

897 matches found

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

9.8CVSS7.8AI score0.69506EPSS

Exploits1References5

Cvelist•added 6 days ago•26 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

7.4CVSS0.00038EPSS

Exploits0References1

RedhatCVE•added last week•5 views

CVE-2026-9312

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal content into request...

9.2CVSS5.8AI score0.00053EPSS

Exploits0References1

NVD•added 2026/05/27 12:16 a.m.•8 views

CVE-2026-9312

9.2CVSS0.00053EPSS

Exploits0References6

NVD•added 2026/05/27 12:16 a.m.•11 views

CVE-2026-8606

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS0.00058EPSS

Exploits0References6

EUVD•added 2026/05/27 12:2 a.m.•8 views

EUVD-2026-32027

9.2CVSS5.8AI score0.00053EPSS

Exploits0References6

ATTACKERKB•added 2026/05/27 12:2 a.m.•3 views

CVE-2026-9312

9.2CVSS5.8AI score0.00053EPSS

Exploits0References7Affected Software1

Cvelist•added 2026/05/27 12:2 a.m.•29 views

CVE-2026-9312 Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint

9.2CVSS0.00053EPSS

Exploits0References6

CVE•added 2026/05/27 12:2 a.m.•20 views

CVE-2026-9312

CVE-2026-9312 – GitHub Enterprise Server SSRF : An unauthenticated attacker could exploit insufficient input validation in an upload endpoint to inject path traversal and redirect internal API calls, potentially accessing internal services and sensitive credentials. Affected: all GitHub Enterpris...

9.2CVSS5.8AI score0.00053EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/05/27 12:2 a.m.•4 views

CVE-2026-9312 Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint

9.2CVSS5.8AI score0.00053EPSS

Exploits0References6

CNNVD•added 2026/05/27 12:0 a.m.•3 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.22 of GitHub Enterprise Server, there was a security...

9.2CVSS5.8AI score0.00053EPSS

Exploits0References6

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43434

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A server-side request forgery SSRF issue exists where an unauthenticated attacker can send crafted requests to internal services due to insufficient input validation in an upload...

9.2CVSS5.8AI score0.00053EPSS

Exploits0References14

CNNVD•added 2026/05/27 12:0 a.m.•5 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21.1 of GitHub Enterprise Server, there was a security...

7CVSS5.8AI score0.00058EPSS

Exploits0References6

CVE•added 2026/05/26 11:59 p.m.•9 views

CVE-2026-8606

A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...

7CVSS5.8AI score0.00058EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/05/26 11:59 p.m.•4 views

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

7CVSS5.8AI score0.00058EPSS

Exploits0References6

ATTACKERKB•added 2026/05/26 11:59 p.m.•8 views

CVE-2026-8606

7CVSS5.8AI score0.00058EPSS

Exploits0References7Affected Software1

EUVD•added 2026/05/26 11:59 p.m.•7 views

EUVD-2026-32025