CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29552 matches found

NVD•added 2026/02/18 9:16 p.m.•4 views

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

6.5CVSS0.00193EPSS

Exploits0References6

OSV•added 2026/02/18 9:16 p.m.•3 views

CVE-2026-1355

6.5CVSS5.8AI score

Exploits0References6

OSV•added 2026/02/18 9:16 p.m.•3 views

CVE-2026-0573

An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repositorypages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...

9CVSS6.2AI score0.00066EPSS

Exploits0References6

NVD•added 2026/02/18 9:16 p.m.•4 views

CVE-2026-0573

9CVSS0.00066EPSS

Exploits0References6

CVE•added 2026/02/18 8:44 p.m.•9 views

CVE-2026-1999

CVE-2026-1999 affects GitHub Enterprise Server and is an incorrect authorization vulnerability in the enable_auto_merge mutation for pull requests. An attacker could merge their own PR into a repository without push access under specific conditions: the repository must allow forking, a clean PR s...

7.1CVSS5.9AI score0.00037EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/02/18 8:44 p.m.•4 views

CVE-2026-1999 Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...

7.1CVSS5.9AI score0.00037EPSS

Exploits0References3

Cvelist•added 2026/02/18 8:44 p.m.•20 views

CVE-2026-1999 Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests

7.1CVSS0.00037EPSS

Exploits0References3

ATTACKERKB•added 2026/02/18 8:44 p.m.•3 views

CVE-2026-1999

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses, potentially disrupting background job processing, accessing administrative endpoints, metrics, and...

7.2CVSS5.9AI score0.00037EPSS

Exploits0References10Affected Software1

Cvelist•added 2026/02/18 8:42 p.m.•24 views

CVE-2026-1355 Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports

6CVSS0.00193EPSS

Exploits0References6

Vulnrichment•added 2026/02/18 8:42 p.m.•2 views

CVE-2026-1355 Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports

6CVSS5.7AI score0.00193EPSS

Exploits0References6

CVE•added 2026/02/18 8:42 p.m.•18 views

CVE-2026-1355

GitHub Enterprise Server contains a Missing Authorization vulnerability in the repository migration upload endpoint. An authenticated attacker could supply a migration identifier to overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repo...

6.5CVSS5.7AI score0.00193EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/02/18 8:37 p.m.•3 views

CVE-2026-0573 Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Server that allowed leaking of authorization token and enabled remote code execution

7.6CVSS6.2AI score0.00066EPSS

Exploits0References6

CVE•added 2026/02/18 8:37 p.m.•7 views

CVE-2026-0573

GitHub Enterprise Server suffered an URL redirection vulnerability in the repository_pages API where HTTP redirects preserved the Authorization header containing a privileged JWT. An authenticated user could redirect artifact URL fetches to an attacker-controlled domain, exfiltrate the Actions.Ma...

9CVSS6.2AI score0.00066EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/02/18 8:37 p.m.•24 views

CVE-2026-0573 Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Server that allowed leaking of authorization token and enabled remote code execution

7.6CVSS0.00066EPSS

Exploits0References6

Circl•added 2026/02/18 8:10 p.m.•3 views

GHSA-JFV4-H8MC-JCP8

creationtimestamp| type| source ---|---|--- 2026-02-18 20:10:40+00:00| seen| https://gist.github.com/alon710/46d127cf3a2094bb829e405b76bec24c...

5.1AI score

Exploits0References1

Circl•added 2026/02/18 6:40 p.m.•2 views

GHSA-H9G4-589H-68XV

creationtimestamp| type| source ---|---|--- 2026-02-18 18:40:39+00:00| seen| https://gist.github.com/alon710/844fd31d09ce1f0bffd3bf36057f5d6f...

5.1AI score

Exploits0References1

Github Security Blog•added 2026/02/18 3:24 p.m.•5 views

Trivy Action has a script injection via sourced env file in composite action

Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export A command injection vulnerability exists in aquasecurity/trivy-action due to improper handling of action inputs when exporting environment variables. The action writes export VAR= lines to trivyenvs.txt bas...

8.1CVSS6.1AI score0.00091EPSS

Exploits0References5Affected Software1

OSV•added 2026/02/18 3:24 p.m.•2 views

GHSA-9P44-J4G5-CFX5 Trivy Action has a script injection via sourced env file in composite action

5.9CVSS6.1AI score0.00091EPSS

Exploits0References5

Circl•added 2026/02/18 4:40 a.m.•1 views

GHSA-MJ5R-HH7J-4GXF

creationtimestamp| type| source ---|---|--- 2026-02-18 04:40:30+00:00| seen| https://gist.github.com/alon710/b0c0c3586861dd047e116007334a6181...

5.1AI score

Exploits0References1