CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

930 matches found

ATTACKERKB•added 2026/04/21 10:11 p.m.•2 views

CVE-2026-5921

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

9.5CVSS5.8AI score0.00079EPSS

Exploits0References8Affected Software1

Cvelist•added 2026/04/21 10:11 p.m.•28 views

CVE-2026-5921 Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack

9.5CVSS0.00079EPSS

Exploits0References7

Vulnrichment•added 2026/04/21 10:11 p.m.•1 views

CVE-2026-5921 Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack

9.5CVSS5.8AI score0.00079EPSS

Exploits0References7

CNNVD•added 2026/04/21 12:0 a.m.•4 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

9.5CVSS5.8AI score0.00079EPSS

Exploits0References1

CNNVD•added 2026/04/21 12:0 a.m.•4 views

GitHub Enterprise Server 安全漏洞

5.3CVSS5.8AI score0.00038EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•4 views

PT-2026-34211

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper authorization issue exists where an authenticated attacker can determine the names of private repositories using their numeric ID. This occurs because the mobile upload...

5.3CVSS5.8AI score0.00038EPSS

Exploits0References10

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-34209

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An incorrect regular expression allows an attacker to bypass OAuth redirect URI validation. An attacker aware of a first-party OAuth application's registered callback URL can create a...

7.5CVSS5.8AI score0.0005EPSS

Exploits0References10

CNNVD•added 2026/04/21 12:0 a.m.•8 views

GitHub Enterprise Server 安全漏洞

8.1CVSS6.1AI score0.00014EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-34210

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper neutralization of special elements allows an authenticated Management Console administrator to execute arbitrary OS commands. This occurs via shell metacharacter injection...

8.1CVSS5.6AI score0.00014EPSS

Exploits0References10

CNNVD•added 2026/04/21 12:0 a.m.•6 views

GitHub Enterprise Server 安全漏洞

9.6CVSS5.8AI score0.00025EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•4 views

PT-2026-34212

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper authorization issue exists in scoped user-to-server ghu token authorization. An authenticated attacker can access private repositories outside the intended installation...

7.2CVSS5.7AI score0.00025EPSS

Exploits0References11

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-34196

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner id parameter in the request...

5.3CVSS5.9AI score0.00073EPSS

Exploits0References9

RedhatCVE•added 2026/03/26 3:12 p.m.•1 views

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

5.3CVSS5.7AI score0.0003EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:4 p.m.•3 views

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...

8.8CVSS6.4AI score0.00343EPSS

Exploits5References1

RedhatCVE•added 2026/03/26 2:59 p.m.•3 views

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

7.4CVSS5.9AI score0.00034EPSS

Exploits0References1

EUVD•added 2026/03/10 9:32 p.m.•4 views

EUVD-2026-10792

7.4CVSS5.9AI score0.00034EPSS

Exploits0References3

EUVD•added 2026/03/10 9:32 p.m.•2 views

EUVD-2026-10793

7.4CVSS5.9AI score0.00034EPSS

Exploits0References3

EUVD•added 2026/03/10 9:32 p.m.•6 views

EUVD-2026-10828

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

5.3CVSS5.8AI score0.00026EPSS

Exploits0References5

EUVD•added 2026/03/10 9:32 p.m.•5 views

EUVD-2026-10829

5.3CVSS5.8AI score0.00026EPSS

Exploits0References5