Microsoft GitHub Copilot and Visual Studio Code 安全漏洞

Microsoft GitHub Copilot and Visual Studio Code is a combination of intelligent coding tools from Microsoft Corporation USA. A security vulnerability exists in Microsoft GitHub Copilot and Visual Studio Code. An attacker exploiting the vulnerability could bypass certain features...

Security Bulletin: NVIDIA Triton Inference Server- November 2025

NVIDIA has released a software update for NVIDIA Triton Inference Server. To protect your system, download and install the latest release from the Triton Inference Server Releases page on GitHub and view the Secure Deployment Considerations Guide. Go to NVIDIA Product Security. Details The...

Security Bulletin: NVIDIA Megatron LM - November 2025

NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.14.0 or later from NVIDIA/Megatron-LM on NVIDIA GitHub. Go to NVIDIA Product Security...

Security Bulletin: NVIDIA NeMo Framework - November 2025

NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.5.0 or later from NVIDIA/NeMo Framework from NVIDIA Github and pypi. Go to NVIDIA Product Security...

CVE-2025-11578

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

CVE-2025-11892

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have...

CVE-2025-11578

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

CVE-2025-11892

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have...

CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

CVE-2025-11578

CVE-2025-11578 is a privilege-escalation vulnerability in GitHub Enterprise Server. An authenticated Enterprise admin could abuse a symlink escape in pre-receive hook environments to replace system binaries during hook cleanup and inject their SSH key into root’s authorized_keys, enabling root SS...

CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

CVE-2025-11892 DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have...

CVE-2025-11892

GitHub Enterprise Server is affected by CVE-2025-11892: an improper neutralization of input leads to DOM-based cross-site scripting via the Issues search label filter, enabling privilege escalation and unauthorized workflow triggers. Exploitation requires user interaction and access to a target s...

CVE-2025-11892 DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the flow.eyen function. An attacker can trigger a segmentation fault by adding a Python sequence to the native code. PoC python import oneflow as flow diag = 1.0, 2.0, 3.0 tensor = flow.eye3 + diag...

PT-2025-46217

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.19 GitHub Enterprise Server versions 3.14.19 GitHub Enterprise Server versions 3.15.14 GitHub Enterprise Server versions 3.16.10 GitHub Enterprise Server versions 3.17.7 GitHub Enterprise Server...

PT-2025-46218

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.18.1 GitHub Enterprise Server versions prior to 3.17.7 GitHub Enterprise Server versions prior to 3.16.10 GitHub Enterprise Server versions prior to 3.15.14 GitHub Enterprise Server versions prior t...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability in GitHub Enterprise Server versions prior t...

VulnCheck KEV: CVE-2017-18365

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...