GitHub Enterprise Server
112 matches found

CVE-2024-4985
added 2024/05/20 9:17 p.m. | 9000 views

The CVE-2024-4985 issue affects GitHub Enterprise Server (GHES) where SAML SSO with optional encrypted assertions can be abused to forge a SAML response, enabling provisioning or access to a site administrator account without prior authentication. The vulnerability impacts all GHES versions prior...

CVSS 10 | AI score 7 | EPSS 0.02573

CVE-2025-23369
added 2025/01/21 6:46 p.m. | 2678 views

CVE-2025-23369 affects GitHub Enterprise Server and centers on an improper verification of the cryptographic signature that can enable signature spoofing for unauthorized internal users. Public details indicate that versions before 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0 are impacted. Some c...

CVSS 8.8 | AI score 6.4 | EPSS 0.01544

CVE-2025-3509
added 2025/04/17 10:50 p.m. | 1009 views

CVE-2025-3509 affects GitHub Enterprise Server prior to 3.18 and is a Remote Code Execution in the pre-receive hook. The root cause involves using dynamically allocated ports that become temporarily available during specific operational conditions (e.g., hot patch upgrades), creating an exploitab...

CVSS 7.2 | AI score 7.9 | EPSS 0.01209

CVE-2024-9487
added 2024/10/10 9:08 p.m. | 368 views

CVE-2024-9487 describes an improper verification of cryptographic signatures in GitHub Enterprise Server that enables bypass of SAML SSO authentication, leading to unauthorized user provisioning and instance access. According to connected sources, exploitation requires the encrypted assertions fe...

CVSS 9.5 | AI score 9.4 | EPSS 0.22443

CVE-2022-23732
added 2022/04/05 12:10 a.m. | 127 views

The CVE-2022-23732 entry concerns a path traversal vulnerability in the GitHub Enterprise Server management console that bypasses CSRF protections and could lead to privilege escalation. Affected software: GitHub Enterprise Server management console (all versions prior to 3.5). Root cause: path t...

CVSS 8.8 | AI score 8.7 | EPSS 0.01623

CVE-2024-1354
added 2024/02/13 6:50 p.m. | 105 views

CVE-2024-1354 describes a command-injection vulnerability in GitHub Enterprise Server where an attacker with editor privileges in the Management Console could escalate to admin SSH access via the syslog-ng configuration. The issue requires access to the GitHub Enterprise Server instance and Manag...

CVSS 8 | AI score 8.1 | EPSS 0.0172

CVE-2022-23733
added 2022/08/02 4:05 p.m. | 103 views

CVE-2022-23733 is a stored XSS vulnerability in GitHub Enterprise Server affecting all versions prior to 3.6. The issue allows injection of arbitrary attributes, with exploitation blocked by GitHub’s CSP. Remediation released in versions 3.3.11, 3.4.6, and 3.5.3. NVD metrics list CVSS 3.1 base sc...

CVSS 5.4 | AI score 5.4 | EPSS 0.00478

CVE-2024-2440
added 2024/04/19 5:02 p.m. | 97 views

A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...

CVSS 5.9 | AI score 6.6 | EPSS 0.00452

CVE-2021-41599
added 2022/02/17 11:35 p.m. | 96 views

CVE-2021-41599 is a remote code execution vulnerability in GitHub Enterprise Server that can be exploited when building a GitHub Pages site. The attacker needs permission to create and build a GitHub Pages site on the instance. Affects all versions prior to 3.3; fixed in 3.0.21, 3.1.13, and 3.2.5. C...

CVSS 8.8 | AI score 8.9 | EPSS 0.02089

CVE-2024-1359
added 2024/02/13 6:52 p.m. | 93 views

Summary: CVE-2024-1359 is a command injection vulnerability in GitHub Enterprise Server that allowed an attacker with the Management Console’s editor role to escalate to admin/root SSH access when configuring an HTTP proxy. Affected products/versions: all GitHub Enterprise Server versions prior t...

CVSS 9.1 | AI score 9.4 | EPSS 0.02275

CVE-2024-1355
added 2024/02/13 6:51 p.m. | 89 views

CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...

CVSS 9.1 | AI score 9.4 | EPSS 0.02363

CVE-2024-1372
added 2024/02/13 6:54 p.m. | 89 views

GitHub Enterprise Server suffers a command injection vulnerability that allows an attacker with the Management Console editor role to obtain admin SSH access during SAML configuration. Affected: all versions prior to 3.12; fixes are available in 3.11.5, 3.10.7, 3.9.10, and 3.8.15. The root cause ...

CVSS 9.1 | AI score 9.4 | EPSS 0.02275

CVE-2024-1082
added 2024/02/13 6:47 p.m. | 87 views

Summary: CVE-2024-1082 describes a path traversal in GitHub Enterprise Server that allows an attacker with page-site build permissions to read files via symbolic links in a crafted artifact tarball uploaded to GitHub Pages. Affected product/versions: GitHub Enterprise Server prior to 3.12. Fixed ...

CVSS 6.5 | AI score 6.3 | EPSS 0.0077

CVE-2021-22866
added 2021/05/14 9:10 p.m. | 86 views

The CVE describes a UI misrepresentation in GitHub Enterprise Server’s GitHub App authorization flow. A user could grant more permissions than shown if the App had additional user-level permissions added after initial approval, by revisiting the authorization flow. Affected products/versions: Git...

CVSS 8.8 | AI score 8.8 | EPSS 0.01045

CVE-2022-23739
added 2023/01/17 12:00 a.m. | 86 views

CVE-2022-23739 concerns an incorrect authorization flaw in GitHub Enterprise Server that allowed a GitHub App to escalate privileges via GraphQL API requests. The issue could let an app installed in an organization access and modify most organization‑level resources not tied to a repository (e.g....

CVSS 9.8 | AI score 9.9 | EPSS 0.01244

CVE-2024-1369
added 2024/02/13 6:53 p.m. | 85 views

The CVE-2024-1369 issue is a command injection in GitHub Enterprise Server that lets an attacker with an editor role in the Management Console gain admin SSH access to the appliance when configuring collectd credentials. Affected products/versions: all before 3.12; fixed in 3.11.5, 3.10.7, 3.9.10...

CVSS 9.1 | AI score 9.5 | EPSS 0.02275

CVE-2022-23738
added 2022/11/01 12:00 a.m. | 84 views

CVE-2022-23738 affects GitHub Enterprise Server. The issue is an improper cache key vulnerability that could allow an unauthorized actor to access private repository files through a public repository, given the actor is already authorized on the server, can create a public repository, and a site ...

CVSS 5.7 | AI score 5.4 | EPSS 0.00634

CVE-2024-1374
added 2024/02/13 6:54 p.m. | 82 views

CVE-2024-1374: In GitHub Enterprise Server, a command-injection in the Management Console via nomad templates allowed an attacker with an editor role to escalate to admin SSH access to the appliance (root) when configuring audit log forwarding. Exploitation requires access to the GitHub Enterpri...

CVSS 9.1 | AI score 9.4 | EPSS 0.02632

CVE-2024-1378
added 2024/02/13 6:54 p.m. | 82 views

Summary: CVE-2024-1378 is a command injection vulnerability in GitHub Enterprise Server that lets an attacker with the Management Console editor role trigger admin SSH access via nomad templates when configuring SMTP options. Exploitation requires access to the affected GitHub Enterprise Server i...

CVSS 9.1 | AI score 9.4 | EPSS 0.02339

CVE-2023-46646
added 2023/12/21 8:45 p.m. | 81 views

CVE-2023-46646 describes improper access control in GitHub Enterprise Server: unauthorized users could view only private repository names via the Get a check run API endpoint, not repository content. Affected: GitHub Enterprise Server versions 3.7.0 and above. Fixed in multiple maintenance releas...

CVSS 5.3 | AI score 5.2 | EPSS 0.0054

CVE-2023-6690
added 2023/12/21 8:45 p.m. | 77 views

A race condition in GitHub Enterprise Server allows an existing admin to retain permissions on transferred repositories by mutating repository permissions via GraphQL during transfer. Affected: GitHub Enterprise Server v3.8.0 and later. Impact: persistence of admin permissions on transferred repo...

CVSS 3.9 | AI score 4 | EPSS 0.00326

CVE-2024-6800
added 2024/08/20 7:21 p.m. | 76 views

CVE-2024-6800 is an XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) affecting SAML authentication with certain IdPs that expose signed federation metadata XML. An attacker with direct network access could forge a SAML response to provision and/or gain access to a user with...

CVSS 9.8 | AI score 6.7 | EPSS 0.01527

CVE-2026-3854
added 2026/03/10 5:37 p.m. | 76 views

CVE-2026-3854 describes an RCE vulnerability in GitHub Enterprise Server arising during git push option handling. An attacker with push access could abuse unsanitized user-supplied push option values that are incorporated into internal service headers; because the header format uses a delimiter t...

CVSS 8.8 | AI score 6.4 | EPSS 0.09884

CVE-2022-23734
added 2022/10/19 12:00 a.m. | 75 views

CVE-2022-23734 describes a deserialization of untrusted data vulnerability in GitHub Enterprise Server (SVNBridge) that could enable remote code execution via an SSRF-assisted data deserialization path. Affected versions are all pre-3.6; fixed in 3.5.3, 3.4.6, 3.3.11, and 3.2.16. The vulnerabilit...

CVSS 8.8 | AI score 9.2 | EPSS 0.01892

CVE-2023-6847
added 2023/12/21 8:46 p.m. | 74 views

Summary: CVE-2023-6847 is an improper authentication vulnerability in GitHub Enterprise Server that allows bypassing Private Mode via a specially crafted API request. This could enable access to data restricted by Private Mode. Affected versions are GitHub Enterprise Server 3.9 and later up to 3....

CVSS 7.5 | AI score 7.6 | EPSS 0.00815

CVE-2024-2469
added 2024/03/20 10:56 p.m. | 74 views

CVE-2024-2469 affects GitHub Enterprise Server. An attacker with an Administrator role could achieve remote code execution that grants SSH root access. Affected versions include 3.8.0 and later; fixes were released in 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. Documented impact is SSH root access...

CVSS 8 | AI score 8.2 | EPSS 0.01616

CVE-2022-46256
added 2022/12/14 12:00 a.m. | 73 views

CVE-2022-46256 (GitHub Enterprise Server): A path traversal vulnerability allows remote code execution when building a GitHub Pages site. An attacker must have permission to create and build a Pages site on the instance. The issue affects GitHub Enterprise Server and is fixed in versions 3.3.17,...

CVSS 8.8 | AI score 8.9 | EPSS 0.01938

CVE-2022-46257
added 2023/03/07 12:00 a.m. | 73 views

CVE-2022-46257 describes an information-disclosure vulnerability in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who lacked access to those repositories, causing repository names to appear in the UI. The attack would...

CVSS 4.3 | AI score 4.2 | EPSS 0.00566

CVE-2024-0200
added 2024/01/16 6:50 p.m. | 72 views

CVE-2024-0200 (GitHub Enterprise Server) is an unsafe reflection vulnerability that can enable remote code execution. Authenticated attackers with an organization owner role can exploit it to run user-controlled methods, compromising the GHES instance. Affected versions are all prior to 3.12; fix...

CVSS 9.8 | AI score 8 | EPSS 0.71725

CVE-2021-22864
added 2021/03/23 9:40 p.m. | 71 views

GitHub Enterprise Server CVE-2021-22864 is a remote code execution flaw caused by insecure, user-controlled configuration options for GitHub Pages that could override environment variables. Affected: all GitHub Enterprise Server versions prior to 3.0.3. Impact: attacker with permission to create/...

CVSS 8.8 | AI score 8.9 | EPSS 0.02465

CVE-2024-3470
added 2024/04/19 2:17 p.m. | 71 views

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

CVSS 7.2 | AI score 6.8 | EPSS 0.00587

CVE-2022-23740
added 2022/11/23 12:00 a.m. | 70 views

GitHub Enterprise Server 3.7.0 is vulnerable to remote code execution due to improper neutralization of argument delimiters in a command. An attacker would need permission to create and build GitHub Pages with GitHub Actions. The issue affects only 3.7.0 and is fixed in 3.7.1; recovery requires u...

CVSS 8.8 | AI score 9.1 | EPSS 0.01106

CVE-2025-3124
added 2025/04/17 10:50 p.m. | 70 views

CVE-2025-3124 concerns a missing authorization vulnerability in GitHub Enterprise Server that allowed a user to see the names of private repositories they otherwise wouldn’t access via the Security Overview in GitHub Advanced Security. The issue affected all versions prior to 3.17 and was fixed i...

CVSS 5.3 | AI score 6.2 | EPSS 0.00409

CVE-2024-2748
added 2024/03/20 11:09 p.m. | 69 views

CVE-2024-2748 is a Cross Site Request Forgery vulnerability affecting GitHub Enterprise Server 3.12.0 that could allow an attacker to perform unauthorized actions on behalf of a user. The underlying issue is a CSRF flaw that requires user interaction to exploit. GitHub fixed this in version 3.12....

CVSS 4.3 | AI score 4.8 | EPSS 0.00189

CVE-2024-3684
added 2024/04/19 2:25 p.m. | 69 views

CVE-2024-3684 describes a server-side request forgery in GitHub Enterprise Server that, when an attacker has an editor role in the Management Console, could grant admin access to the appliance during configuration of Artifacts & Logs and Migrations Storage. The vulnerability required access to th...

CVSS 8 | AI score 6.9 | EPSS 0.01095

CVE-2024-2443
added 2024/03/20 11:04 p.m. | 68 views

GitHub Enterprise Server has a command injection vulnerability in the Management Console GeoJSON configuration that could let an attacker with an editor role gain admin SSH access. Affected: all versions before 3.13. Fixed in 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. Remediation: upgrade to 3.1...

CVSS 9.1 | AI score 9.6 | EPSS 0.02086

CVE-2024-5815
added 2024/07/16 9:26 p.m. | 67 views

CVE-2024-5815 is a Cross-Site Request Forgery in GitHub Enterprise Server that permits write operations on a victim-owned repository when an attacker who is a trusted GHE user induces the victim to visit a tag in the attacker’s fork. The issue affects all GitHub Enterprise Server versions prior t...

CVSS 6.8 | AI score 6.5 | EPSS 0.00235

CVE-2024-8810
added 2024/11/07 9:24 p.m. | 67 views

Summary: CVE-2024-8810 affects GitHub Enterprise Server. A GitHub App installed in organizations could upgrade permissions from read to write without organization admin approval. Exploitation requires an account with administrator access to install a malicious GitHub App. Root cause / impact: Pri...

CVSS 8.7 | AI score 6.3 | EPSS 0.00433

CVE-2021-22867
added 2021/07/14 8:55 p.m. | 66 views

CVE-2021-22867 / CVE-2021-22868 (GitHub Enterprise Server): Path traversal through GitHub Pages configuration options that are user-controlled, allowing reading files on the server during page builds. Affected versions: all before 3.1.3 (fixed in 3.1.3, 3.0.11, 2.22.17). Red Hat notes indicate t...

CVSS 6.5 | AI score 5.1 | EPSS 0.01171

CVE-2023-22381
added 2023/03/02 8:54 p.m. | 66 views

CVE-2023-22381 is a code injection vulnerability in GitHub Enterprise Server that allows setting arbitrary environment variables via a single env var value in GitHub Actions when running on Windows. The root cause is the insecure handling of environment variables in the Actions workflow context, ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00839

CVE-2024-3646
added 2024/04/19 2:21 p.m. | 66 views

CVE-2024-3646: A command injection vulnerability was identified in GitHub Enterprise Server that could let an attacker with an editor role in the Management Console obtain admin SSH access to the instance during chat integration configuration. Exploitation required access to the GitHub Enterpris...

CVSS 8 | AI score 7.4 | EPSS 0.01742

CVE-2025-3246
added 2025/04/17 10:50 p.m. | 64 views

CVE-2025-3246 targets GitHub Enterprise Server, specifically version 3.16.1, via an improper neutralization of input that enables cross-site scripting in GitHub Markdown using $$..$$ math blocks. The issue requires access to the target instance and privileged user interaction with the malicious e...

CVSS 8.6 | AI score 5.9 | EPSS 0.00276

CVE-2022-46258
added 2023/01/09 12:00 a.m. | 63 views

CVE-2022-46258 describes an incorrect authorization in GitHub Enterprise Server where a repository-scoped token with read/write access could modify Action Workflow files without a Workflow scope. Affected: all versions before 3.7. Fixes were released in 3.3.16, 3.4.11, 3.5.8, and 3.6.4. Practical...

CVSS 6.5 | AI score 6.2 | EPSS 0.0056

CVE-2023-23761
added 2023/04/07 6:41 p.m. | 63 views

GitHub Enterprise Server faces an improper authentication vulnerability that could let an unauthorized actor modify other users’ secret gists by authenticating through an SSH certificate authority, provided the secret gist URL is known. Affects all versions before 3.9; fixes were released in 3.4...

CVSS 7.7 | AI score 5.6 | EPSS 0.00462

CVE-2022-23737
added 2022/12/01 12:00 a.m. | 62 views

Summary: CVE-2022-23737 is an improper privilege management vulnerability in GitHub Enterprise Server that allows users with insufficient privileges to create or delete pages via the API. An attacker would need to be added to an organization’s repository with write permissions to exploit it. The ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00696

CVE-2024-5746
added 2024/06/20 9:31 p.m. | 62 views

CVE-2024-5746 describes a Server-Side Request Forgery in GitHub Enterprise Server that allowed an authenticated Site Administrator to achieve arbitrary code execution on the instance. Affected versions were all before 3.13, with fixes in 3.12.5, 3.11.11, 3.10.13, and 3.9.16. Public references fro...

CVSS 7.6 | AI score 7.8 | EPSS 0.00861

CVE-2024-6336
added 2024/07/16 9:27 p.m. | 61 views

CVE-2024-6336 describes a security misconfiguration in GitHub Enterprise Server where sensitive information could be disclosed to unauthorized users by exploiting the organization ruleset feature. An organization member could change the visibility of a dependent repository from private to public,...

CVSS 6.9 | AI score 5.1 | EPSS 0.0042

CVE-2021-22865
added 2021/04/02 5:25 p.m. | 60 views

Summary: CVE-2021-22865 is an improper access control vulnerability in GitHub Enterprise Server that allows access tokens generated from a GitHub App’s web authentication flow to read private repository metadata via the REST API without granted permissions. Prerequisites: an attacker must create ...

CVSS 6.5 | AI score 6.5 | EPSS 0.01316

CVE-2021-41598
added 2022/01/25 7:45 p.m. | 60 views

GitHub Enterprise Server vulnerability CVE-2021-41598 is a UI misrepresentation flaw in the GitHub App authorization flow. It can cause more permissions to be granted than the user sees during approval, specifically if the user later updates the repositories an app is installed on after additiona...

CVSS 8.8 | AI score 8.8 | EPSS 0.01152

CVE-2022-23741
added 2022/12/14 12:00 a.m. | 60 views

Summary: CVE-2022-23741 affects GitHub Enterprise Server. An incorrect authorization vulnerability allowed a scoped user-to-server token to escalate to full admin/owner privileges, requiring an admin to install a malicious GitHub App. The issue was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3....

CVSS 7.2 | AI score 7 | EPSS 0.01097

Total number of security vulnerabilities: 112