CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

791 matches found

CNNVD•added 2026/04/21 12:0 a.m.•5 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

8.1CVSS6.1AI score0.00014EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•4 views

PT-2026-34212

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper authorization issue exists in scoped user-to-server ghu token authorization. An authenticated attacker can access private repositories outside the intended installation...

7.2CVSS5.7AI score0.00025EPSS

Exploits0References11

CNNVD•added 2026/04/21 12:0 a.m.•4 views

GitHub Enterprise Server 安全漏洞

9.6CVSS5.8AI score0.00025EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•0 views

PT-2026-34210

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper neutralization of special elements allows an authenticated Management Console administrator to execute arbitrary OS commands. This occurs via shell metacharacter injection...

8.1CVSS5.6AI score0.00014EPSS

Exploits0References10

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-34196

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner id parameter in the request...

5.3CVSS5.9AI score0.00073EPSS

Exploits0References9

RedhatCVE•added 2026/03/26 3:12 p.m.•1 views

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

5.3CVSS5.7AI score0.0003EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:4 p.m.•0 views

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...

8.8CVSS6.4AI score0.00343EPSS

Exploits4References1

RedhatCVE•added 2026/03/26 2:59 p.m.•2 views

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...

7.4CVSS5.9AI score0.00034EPSS

Exploits0References1

EUVD•added 2026/03/10 9:32 p.m.•2 views

EUVD-2026-10792

7.4CVSS5.9AI score0.00034EPSS

Exploits0References3

EUVD•added 2026/03/10 9:32 p.m.•1 views

EUVD-2026-10793

7.4CVSS5.9AI score0.00034EPSS

Exploits0References3

EUVD•added 2026/03/10 9:32 p.m.•4 views

EUVD-2026-10828

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

5.3CVSS5.8AI score0.00026EPSS

Exploits0References5

OSV•added 2026/03/10 8:16 p.m.•0 views

CVE-2026-3582

4.3CVSS5.8AI score0.00026EPSS

Exploits0References4

OSV•added 2026/03/10 8:16 p.m.•2 views

CVE-2026-2266

5.4CVSS5.9AI score0.00034EPSS

Exploits0References2

NVD•added 2026/03/10 8:16 p.m.•1 views

CVE-2026-2266

7.4CVSS0.00034EPSS

Exploits0References2

CVE•added 2026/03/10 6:56 p.m.•4 views

CVE-2026-3582

CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...

5.3CVSS5.8AI score0.00026EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/03/10 6:56 p.m.•24 views

CVE-2026-3582 Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope

5.3CVSS0.00026EPSS

Exploits0References4

Cvelist•added 2026/03/10 6:55 p.m.•22 views

CVE-2026-2266 Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection

7.4CVSS0.00034EPSS

Exploits0References2

CVE•added 2026/03/10 6:55 p.m.•4 views

CVE-2026-2266

CVE-2026-2266 : In GitHub Enterprise Server, there is a DOM-based cross-site scripting vulnerability caused by improper neutralization of input in the task list content rendering. Authenticated users can craft malicious task list items in issues or pull requests to inject user-supplied HTML and e...

7.4CVSS5.9AI score0.00034EPSS

Exploits0References2Affected Software1