Lucene search
+L

13 matches found

NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2026-9132

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

6.5CVSS0.00257EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 8:23 p.m.25 views

CVE-2026-9132

CVE-2026-9132 describes a missing authorization flaw in GitHub Enterprise Server where an authenticated user could read source code from private repositories via the Copilot pull request description diff summary endpoint. The vulnerability allowed a user with read access to at least one repositor...

6.5CVSS5.9AI score0.00257EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:23 p.m.36 views

CVE-2026-9132 Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

6CVSS0.00257EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/07 12:26 a.m.6 views

SUSE CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.3AI score0.00344EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.11 views

Gitea improperly exposes issue and pull request titles

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.4AI score0.00344EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/23 12:31 a.m.5 views

GHSA-2VGV-HGV4-22MH Gitea improperly exposes issue and pull request titles

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

2.3CVSS5.4AI score0.00344EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.15 views

CVE-2022-46257

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploi...

4.3CVSS6.2AI score0.00566EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 10:50 p.m.75 views

CVE-2025-3124

CVE-2025-3124 concerns a missing authorization vulnerability in GitHub Enterprise Server that allowed a user to see the names of private repositories they otherwise wouldn’t access via the Security Overview in GitHub Advanced Security. The issue affected all versions prior to 3.17 and was fixed i...

5.3CVSS6.2AI score0.0041EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/04/17 10:50 p.m.32 views

CVE-2025-3124 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only...

5.3CVSS0.0041EPSS
Exploits0References4
OSV
OSV
added 2023/12/08 3:38 p.m.2 views

GHSA-J4G3-3Q8X-JXQP dbt-core's secret env vars written to package-lock.json in plaintext

Impact When used to pull source code from a private repository using a Personal Access Token PAT, some versions of dbt-core write a URL with the PAT in plaintext to the package-lock.yml file. Patches The bug has been fixed in dbt-core v1.7.3. Mitigations Remove any git URLs with plaintext secrets...

3.2CVSS5.8AI score
Exploits0References4
CNVD
CNVD
added 2021/01/18 12:0 a.m.26 views

GitLab Authorization Issues Vulnerability (CNVD-2021-26107)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...

7.5CVSS6.1AI score0.0157EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/08/19 1:34 p.m.28 views

Coda: Use Github pack with Coda employee github account (search code of Coda's private repositories)

Summary: When you use the Github formula, the information from the Github API is returned by the endpoint https://coda.io/coda.CalcService/InvokeFormula. From what I understand, this endpoint expects a gRPC request. In the request is sent: the formula Github..CodeSearch, the version of the Github...

0.3AI score
Exploits0
CNVD
CNVD
added 2017/09/15 12:0 a.m.5 views

Pagure Authorization Vulnerability

Pagure is a Git repository using Python to provide Web services . Security exists in Pagure 3.3.0 and earlier versions, and the vulnerability stems from a failure to properly authorize. An attacker can exploit the vulnerability to browse a private repository...

7.5CVSS6.8AI score0.01065EPSS
Exploits0References1
Rows per page
Query Builder