29580 matches found
CVE-2026-1355
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2026-1999
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...
CVE-2026-0573
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repositorypages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...
GHSA-WFQV-66VQ-46RM
creationtimestamp| type| source ---|---|--- 2026-02-19 22:40:39+00:00| seen| https://gist.github.com/alon710/ee16e9aabb8895513a00d88d6dc1ac96...
GHSA-9PPG-JX86-FQW7
creationtimestamp| type| source ---|---|--- 2026-02-19 17:10:40+00:00| seen| https://gist.github.com/alon710/7522c30fea1d97914f8cc887eb8aaf04 2026-02-19 17:40:35+00:00| seen| https://bsky.app/profile/flarestart.bsky.social/post/3mfa5anzvrs2t 2026-03-06 02:48:42+00:00| seen|...
GHSA-RP46-R563-JRC7 vulnerabilities
Vulnerabilities for packages: hadoop-fips, kafbat-ui-fips, spark-fips, pinot, akhq, apache-hop, druid, apache-hop-fips, kafbat-ui, wavefront-proxy, spark, apache-pulsar, celeborn, logstash...
CLEANSTART-2026-YN08405 Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 7.1.1-r7
Multiple security vulnerabilities affect the minio-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-1999
A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses, potentially disrupting background job processing, accessing administrative endpoints, metrics, and...
CVE-2026-1999
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...
CVE-2026-1355
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2026-1355
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2026-0573
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repositorypages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...
CVE-2026-0573
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repositorypages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...
CVE-2026-1999 Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...
CVE-2026-1999
A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses, potentially disrupting background job processing, accessing administrative endpoints, metrics, and...
CVE-2026-1999 Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...
CVE-2026-1999
CVE-2026-1999 affects GitHub Enterprise Server and is an incorrect authorization vulnerability in the enable_auto_merge mutation for pull requests. An attacker could merge their own PR into a repository without push access under specific conditions: the repository must allow forking, a clean PR s...
CVE-2026-1355 Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2026-1355 Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2026-1355
GitHub Enterprise Server contains a Missing Authorization vulnerability in the repository migration upload endpoint. An authenticated attacker could supply a migration identifier to overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repo...