13 matches found
CVE-2026-9132
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...
CVE-2026-9132
CVE-2026-9132 describes a missing authorization flaw in GitHub Enterprise Server where an authenticated user could read source code from private repositories via the Copilot pull request description diff summary endpoint. The vulnerability allowed a user with read access to at least one repositor...
CVE-2026-9132 Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...
SUSE CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
Gitea improperly exposes issue and pull request titles
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
GHSA-2VGV-HGV4-22MH Gitea improperly exposes issue and pull request titles
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2022-46257
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploi...
CVE-2025-3124
CVE-2025-3124 concerns a missing authorization vulnerability in GitHub Enterprise Server that allowed a user to see the names of private repositories they otherwise wouldn’t access via the Security Overview in GitHub Advanced Security. The issue affected all versions prior to 3.17 and was fixed i...
CVE-2025-3124 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only...
GHSA-J4G3-3Q8X-JXQP dbt-core's secret env vars written to package-lock.json in plaintext
Impact When used to pull source code from a private repository using a Personal Access Token PAT, some versions of dbt-core write a URL with the PAT in plaintext to the package-lock.yml file. Patches The bug has been fixed in dbt-core v1.7.3. Mitigations Remove any git URLs with plaintext secrets...
GitLab Authorization Issues Vulnerability (CNVD-2021-26107)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...
Coda: Use Github pack with Coda employee github account (search code of Coda's private repositories)
Summary: When you use the Github formula, the information from the Github API is returned by the endpoint https://coda.io/coda.CalcService/InvokeFormula. From what I understand, this endpoint expects a gRPC request. In the request is sent: the formula Github..CodeSearch, the version of the Github...
Pagure Authorization Vulnerability
Pagure is a Git repository using Python to provide Web services . Security exists in Pagure 3.3.0 and earlier versions, and the vulnerability stems from a failure to properly authorize. An attacker can exploit the vulnerability to browse a private repository...