5 matches found
CVE-2026-0573
A URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...
CVE-2026-0573 Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Server that allowed leaking of authorization token and enabled remote code execution
A URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...
CVE-2026-0573
GitHub Enterprise Server suffered a URL redirection vulnerability in the repository_pages API where HTTP redirects preserved the Authorization header containing a privileged JWT. An authenticated user could redirect artifact URL fetches to an attacker-controlled domain, exfiltrate the Actions.Ma...
CVE-2025-61641
CVE-2025-61641 affects Wikimedia Foundation MediaWiki, tied to program files includes/api/ApiQueryAllPages.php and impacts MediaWiki versions before 1.39.14, 1.43.4, 1.44.1. Debian and OSV entries describe multiple issues (e.g., XSS, information disclosure, missing rate limiting, denial of servi...
PT-2022-16240 · GitHub · GitHub Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.7 Description: An improper privilege management issue was identified that allowed users with improper privileges to create or delete pages via the API. To exploit this, an attacker would need to be...