817 matches found
CVE-2025-3509
A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...
CVE-2025-3124
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only...
CVE-2025-3124
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only...
CVE-2025-3246 Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used $$..$$ math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the...
CVE-2025-3246
CVE-2025-3246 targets GitHub Enterprise Server, specifically version 3.16.1, via an improper neutralization of input that enables cross-site scripting in GitHub Markdown using $$..$$ math blocks. The issue requires access to the target instance and privileged user interaction with the malicious e...
CVE-2025-3246 Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used $$..$$ math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the...
CVE-2025-3509 Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation
A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...
CVE-2025-3509 Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation
A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...
CVE-2025-3509
CVE-2025-3509 affects GitHub Enterprise Server prior to 3.18 and is a Remote Code Execution in the pre-receive hook. The root cause involves using dynamically allocated ports that become temporarily available during specific operational conditions (e.g., hot patch upgrades), creating an exploitab...
CVE-2025-3124 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only...
CVE-2025-3124
CVE-2025-3124 concerns a missing authorization vulnerability in GitHub Enterprise Server that allowed a user to see the names of private repositories they otherwise wouldnโt access via the Security Overview in GitHub Advanced Security. The issue affected all versions prior to 3.17 and was fixed i...
CVE-2025-3124 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only...
PT-2025-17246 ยท Github ยท Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.18 Description: A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionalit...
PT-2025-17244 ยท Github ยท Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.17 Description: A missing authorization issue was identified in GitHub Enterprise Server, allowing users to see the names of private repositories they wouldn't otherwise have access to in the...
GitHub Enterprise Server ๅฎๅ จๆผๆด
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server version...
GitHub Enterprise Server ๅฎๅ จๆผๆด
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
PT-2025-17245
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server version 3.16.1 Description An improper neutralization of input issue was identified in GitHub Enterprise Server, allowing cross-site scripting in GitHub Markdown that used $$..$$ math blocks. Exploitation required acce...
GitHub Enterprise Server ๅฎๅ จๆผๆด
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
The vulnerability of the corporate version of the GitHub Enterprise Server, related to errors in verifying cryptographic signatures, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the corporate version of the GitHub Enterprise Server is related to errors in checking the cryptographic signature. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
CVE-2024-3646
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...