112 matches found
CVE-2023-22380
CVE-2023-22380 describes a path traversal vulnerability in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. The issue affects all versions of GitHub Enterprise Server since 3.7 and is due to a flaw in the file-path handling during Page builds, enabli...
CVE-2024-1084
CVE-2024-1084 is a Cross-site Scripting issue in the tag name pattern field of the tag protections UI of GitHub Enterprise Server. The flaw allows a malicious website, leveraging user interaction and social engineering, to change a user account via CSP bypass with created CSR...
CVE-2022-46255
CVE-2022-46255 affects GitHub Enterprise Server 3.7.0 and enables remote code execution due to improper limitation of a pathname to a restricted directory. The root cause was an arbitrary file overwrite risk during content unpacking; a fix was added in 3.7.1 by validating that the working directo...
CVE-2024-10824
CVE-2024-10824 affects GitHub Enterprise Server versions after 3.13.0 but before 3.14.0. The root cause is an authorization bypass that allowed organization members with a personal access token to access secret scanning alert data intended only for business owners, provided secret scanning was en...
CVE-2024-5795
CVE-2024-5795 is a Denial of Service vulnerability in GitHub Enterprise Server causing unbounded resource exhaustion when a large payload is sent to the Git server. Affected: all versions prior to 3.14. Impact: potential unavailability due to resource exhaustion. Remediation: upgrade to one of th...
CVE-2024-9539
CVE-2024-9539 affects GitHub Enterprise Server prior to 3.15, where an information-disclosure flaw allowed an attacker to retrieve a user’s metadata by getting them to open an uploaded asset URL (involving malicious SVG files) and then craft phishing pages. The vulnerability is fixed in 3.14.2, and als...
CVE-2024-6337
CVE-2024-6337 affects GitHub Enterprise Server. A flawed authorization allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repo. The issue is exploitable via a user access token; installation access tokens were not impacted...
CVE-2024-6395
CVE-2024-6395 (GitHub Enterprise Server) exposes a sensitive-information issue that allows an attacker to enumerate the names of private repositories using deploy keys, but does not disclose repository contents. Affected: GitHub Enterprise Server versions prior to 3.14. The root cause, per multip...
CVE-2023-23760
Summary: CVE-2023-23760 is a path traversal vulnerability in GitHub Enterprise Server that leads to remote code execution when building a GitHub Pages site. The attacker must have permission to create and build a GitHub Pages site on the target instance. Affected scope: GitHub Enterprise Server v...
CVE-2024-10001
GitHub Enterprise Server is affected by CVE-2024-10001. The vulnerability arises from an improper sequence of validation in the message handling function: the origin check occurs after accepting a user-controlled identity property, enabling a code injection via the query selector and exfiltration...
CVE-2024-5816
CVE-2024-5816 – GitHub Enterprise Server : An Incorrect Authorization flaw allows a suspended GitHub App to retain access to repositories via a scoped user access token. Impact is limited to public repositories; private repos are not affected. Affected: all GitHub Enterprise Server versions prior...
CVE-2024-8263
CVE-2024-8263 describes an improper privilege management vulnerability in GitHub Enterprise Server that allows arbitrary workflows to be committed via an improperly scoped Personal Access Token (PAT) when nested tags are used. Affected product: GitHub Enterprise Server (all versions prior to the ...
CVE-2021-22868
GitHub Enterprise Server suffers a path traversal vulnerability in the GitHub Pages build flow. User-controlled Pages configuration could allow reading files on the server. An attacker must have permission to create and build a GitHub Pages site. Affected versions are all before fixes: 3.1.8, 3.0...
CVE-2023-51379
The CVE-2023-51379 issue concerns GitHub Enterprise Server where an incorrect authorization flaw allowed updating issue comments using an improperly scoped token. Affected products are GitHub Enterprise Server (versions 3.7.0 through 3.7.18, 3.8.x until 3.8.11, 3.9.x until 3.9.6, 3.10.x until 3.10...
CVE-2023-6802
CVE-2023-6802 describes an information-in-logs vulnerability in GitHub Enterprise Server where sensitive data could be inserted into the audit log, potentially allowing access to the management console. Affected product: GitHub Enterprise Server (all versions since 3.8). Root cause: insertion of ...
CVE-2024-0507
GitHub Enterprise Server CVE-2024-0507 is a privilege-escalation via command injection in the Management Console. An attacker with a Management Console editor role can escalate privileges by exploiting input handling in the console. Affected versions include all GHES releases prior to fixes; reme...
CVE-2024-10007
GitHub Enterprise Server CVE-2024-10007 is a path collision and arbitrary code execution flaw enabling container escape to root via ghe-firejail. Exploitation requires Enterprise Administrator access. Affected: all versions before 3.15. Remediations are to upgrade to fixed versions: 3.14.3, 3.13....
CVE-2024-7711
CVE-2024-7711 is an Incorrect Authorization vulnerability in GitHub Enterprise Server that allowed an attacker to update the title, assignees, and labels of any issue inside a public repository, and was exploitable only within public repos. Affected products: GitHub Enterprise Server versions bef...
CVE-2021-22870
The CVE-2021-22870 issue affects GitHub Enterprise Server pages builds and is a path-traversal vulnerability that could allow an attacker with permission to create and build a GitHub Pages site to read system files. The vulnerability exists in all versions prior to 3.3 and was fixed in 3.0.19, 3....
CVE-2024-5566
CVE-2024-5566 affects GitHub Enterprise Server prior to 3.14, where an improper privilege management issue allowed migration of private repositories without sufficient Personal Access Token scopes. The root cause is insufficient access control during repository migration, enabling unintended cont...
CVE-2023-51380
Summary: CVE-2023-51380 is an incorrect authorization vulnerability in GitHub Enterprise Server that allowed reading issue comments with an improperly scoped token. The issue affects all versions from 3.7 up to 3.11.x and is fixed by upgrading to 3.7.19, 3.8.12, 3.9.7, 3.10.4, or 3.11.1, respecti...
CVE-2021-22869
CVE-2021-22869 describes an improper access control in GitHub Enterprise Server that allowed a workflow job to execute in a self-hosted runner group it should not access. A repository with access to one enterprise runner group could access all enterprise runner groups within the same organization...
CVE-2023-23766
CVE-2023-23766 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enabled commit smuggling by displaying an incorrect diff when re-opening a Pull Request. Exploitation would require write access to the repository. All versions prior to the fixed releases are affected...
CVE-2023-46649
CVE-2023-46649 describes a race condition in GitHub Enterprise Server that could allow an attacker with admin privileges to gain further access during the conversion of a user to an organization. The issue affects all GitHub Enterprise Server versions from 3.7 onward and could be exploited to obt...
CVE-2024-5817
GitHub Enterprise Server (GHES) security advisory CVE-2024-5817 describes an Incorrect Authorization flaw that allowed read access to issue content via GitHub Projects. Affected: all GHES versions prior to 3.14. The vulnerability required attacker access to the corresponding internal project board ...
CVE-2023-23763
CVE-2023-23763 (GitHub Enterprise Server) describes an authorization/sensitive information disclosure vulnerability where a fork could retain read access to an upstream repository after its visibility was set to private. Affected versions are all prior to 3.10.0. Fixed releases are 3.9.4, 3.8.9, ...
CVE-2023-23764
CVE-2023-23764 affects GitHub Enterprise Server (versions 3.7.0 and later) with an incorrect comparison in the PR UI that could enable commit smuggling by displaying an incorrect diff. Exploitation requires write access to the target repository. Affected versions were fixed in 3.7.9, 3.8.2, and 3...
CVE-2023-23762
CVE-2023-23762 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enables commit smuggling by displaying an incorrect diff. An attacker would need write access to a repository and must correctly guess the target branch before it’s created by the maintainer. The issue...
CVE-2024-8770
CVE-2024-8770 describes a Cross-Site Scripting (XSS) vulnerability in the repository transfer feature of GitHub Enterprise Server. The issue affected all versions prior to the fixed releases and allowed attackers to steal sensitive user information via social engineering. Fixes were released in G...
CVE-2023-23765
CVE-2023-23765 concerns GitHub Enterprise Server. The issue is an incorrect comparison vulnerability that allows commit smuggling by displaying an incorrect diff in a re-opened Pull Request. The exploitation condition requires the attacker to have write access to the affected repository. The avai...
CVE-2023-46645
CVE-2023-46645 describes a path traversal vulnerability in GitHub Enterprise Server that enables arbitrary file reading when building a GitHub Pages site. The attacker must have permission to create and build a GitHub Pages site on the affected server. Affected versions include all releases since...
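The Pages build entries above (CVE-2021-22868, CVE-2021-22870, CVE-2023-22380, CVE-2023-23760 and CVE-2023-46645) all come down to one mistake: a path taken from a user-controlled site configuration is joined onto the build directory and trusted. The Ruby below is an added example, not GitHub's code and not the Pages builder's actual logic; the build root, the sample paths and the symlink fixture are assumed for illustration. It shows the naive join beside a containment check that normalizes first, refuses tilde expansion, and re-checks after resolving symlinks.

```ruby
# Added example, not GitHub's code: containing a path taken from a
# user-controlled Pages configuration inside the site's build directory.
# The build root and sample paths are assumed for illustration.
require "tmpdir"
require "fileutils"

# Vulnerable shape: joining strings and trusting the result. File.join
# does not normalize "..", so "../../etc/passwd" escapes the root.
def naive_source_path(root, user_path)
  File.join(root, user_path)
end

# Prefix test with a trailing separator so "/srv/site-evil" is not
# mistaken for a child of "/srv/site".
def inside?(root, path)
  path == root || path.start_with?(root + File::SEPARATOR)
end

# Hardened shape: normalize to an absolute path, check containment on the
# normalized form, then check again after following symlinks.
def contained_path(root, user_path)
  root = File.realpath(root)                      # the build dir must exist
  # File.expand_path turns a leading "~user" into a home directory; refuse it.
  return nil if user_path.start_with?("~")
  candidate = File.expand_path(user_path, root)   # an absolute input ignores root
  return nil unless inside?(root, candidate)
  # A symlink planted inside the root may still point outside it.
  return nil if File.exist?(candidate) && !inside?(root, File.realpath(candidate))
  candidate
end
```

The realpath step only protects files that already exist at check time; a build that writes first and reads later still has to repeat the check at use time.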
CVE-2023-46647
GitHub Enterprise Server (GHES) suffers from improper privilege management that allows users with authorized access to the management console (editor role) to escalate privileges by making requests to the bootstrapping endpoint. Affected versions: GHES 3.8.0 and above. Remediations: upgrade to fi...
CVE-2023-6746
CVE-2023-6746 affects GitHub Enterprise Server back-end logging: an insertion of sensitive information into log files could enable a man-in-the-middle-like scenario when combined with phishing, if an attacker can access log files, backups, or streamed logs. Affected versions include all releases ...
CVE-2026-9312
CVE-2026-9312 – GitHub Enterprise Server SSRF : An unauthenticated attacker could exploit insufficient input validation in an upload endpoint to inject path traversal and redirect internal API calls, potentially accessing internal services and sensitive credentials. Affected: all GitHub Enterpris...
CVE-2023-6803
GitHub Enterprise Server contains a race condition vulnerability that can permit an outside collaborator to be added while a repository is being transferred. Affected software: GitHub Enterprise Server (all versions since 3.8). Root cause: race condition during repository transfer. Impact: potent...
CVE-2023-46648
The CVE-2023-46648 entry concerns an insufficient entropy vulnerability in GitHub Enterprise Server (GHES) invitation tokens for the Management Console. The root cause is the entropy insufficiency of the invitation token mechanism, enabling brute-force attempts to identify pending user invitation...
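To make the entropy point above concrete, the Ruby below is an added example, not GitHub's code and not the Management Console's invitation mechanism. The token formats, the guess rate and the in-memory store are assumed for illustration. It estimates how long enumeration takes against a short numeric token versus 32 random bytes, and shows a store that keeps only a digest of the token so a database read does not yield usable invitations.

```ruby
# Added example, not GitHub's code: sizing an invitation token so that
# enumeration is infeasible, and redeeming it by digest. Token formats,
# guess rate and the store are assumed for illustration.
require "securerandom"
require "digest"

WEAK_SPACE   = 10**8      # assumed weak format: 8 decimal digits
STRONG_SPACE = 2**256     # 32 random bytes

# Bits of entropy for a token drawn uniformly from `space` values.
def entropy_bits(space)
  Math.log2(space)
end

# Expected guesses to hit any one of `pending` live tokens: half the
# space, divided by the number of valid targets.
def expected_guesses(space, pending)
  space.to_f / (2 * pending)
end

# Days of brute force at `rate` guesses per second.
def days_to_guess(space, pending, rate)
  expected_guesses(space, pending) / rate / 86_400.0
end

def weak_token
  format("%08d", SecureRandom.random_number(WEAK_SPACE))
end

def strong_token
  SecureRandom.urlsafe_base64(32)   # 43 URL-safe characters, 256 bits
end

# Only the SHA-256 of the token is stored; redemption hashes the
# presented value and looks the digest up, so the raw secret is never
# compared or persisted.
class InvitationStore
  def initialize
    @pending = {}
  end

  def issue(email)
    token = strong_token
    @pending[Digest::SHA256.hexdigest(token)] = email
    token                      # shown once to the inviter
  end

  def redeem(token)
    @pending.delete(Digest::SHA256.hexdigest(token))   # nil if unknown or used
  end
end
```

With ten pending invitations and a modest 1,000 requests per second, the 8-digit format falls in about an hour; rate limiting the endpoint helps, but it is the token size that makes the attack impossible rather than merely slow.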
CVE-2023-6804
CVE-2023-6804 (GitHub Enterprise Server) : Improper privilege management allows arbitrary workflows to be committed and run using an improperly scoped Personal Access Token, provided a workflow already exists in the target repo. Affected: GitHub Enterprise Server versions 3.8–3.11.x (before fixes...
CVE-2024-1482
CVE-2024-1482 describes an incorrect authorization flaw in GitHub Enterprise Server that could let an attacker with access to the server create new branches in public repositories and run arbitrary GitHub Actions workflows using the GITHUB_TOKEN. Affected versions: all after 3.8 and before 3.12. ...
CVE-2024-1908
CVE-2024-1908 concerns GitHub Enterprise Server. The issue is an improper privilege management flaw that allowed an attacker with a non-default GitHub Connect setting and an account on the server to use the Enterprise Actions GitHub Connect download token to fetch private repository data. Affecte...
CVE-2025-6981
CVE-2025-6981 describes an incorrect authorization vulnerability in GitHub Enterprise Server that allowed unauthorized read access to internal repositories for contractor accounts when the Contractors API feature was enabled. The issue affected all versions prior to 3.18 and has been fixed in ver...
CVE-2025-6600
CVE-2025-6600 affects GitHub Enterprise Server v3.17. The issue is an information-disclosure flaw where a user-to-server token with no scopes, used via the Search API, could disclose private repository names within an organization. Exploitation required an organization administrator to install a malicious ...
CVE-2025-8447
CVE-2025-8447 : GitHub Enterprise Server had an improper access-control issue enabling users with access to one repo to retrieve limited code from another repo by stacking a diff between repositories. An attacker needed the private-repo name and a branch/tag/commit SHA to trigger the compare/diff...
CVE-2026-8034
CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...
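The parser-confusion class described above is easiest to see with two concrete parsers. The Ruby below is an added example, not GitHub's code and not the notebook viewer's actual logic; the allow-list, the sample URLs and the injectable resolver are assumed for illustration. The vulnerable check is a string prefix test, the client is Ruby's `URI` (what `Net::HTTP` uses), and a URL with a crafted userinfo satisfies the first while the second connects elsewhere. The hardened version validates the parsed object, resolves it, and hands that same object to the client.

```ruby
# Added example, not GitHub's code: the allow-list check and the HTTP
# client must see the same host. ALLOWED_HOSTS, the resolver hook and
# the sample URLs are assumed for illustration.
require "uri"
require "ipaddr"
require "resolv"

ALLOWED_HOSTS = %w[notebooks.example.com].freeze

# Ranges an outbound fetch must never reach: RFC 1918, loopback,
# link-local (including the cloud metadata address), ULA, IPv6 link-local.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
  192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# Vulnerable: a string-level check that is not the parser Net::HTTP uses.
# "http://notebooks.example.com:80@169.254.169.254/" passes it, but URI
# reads "notebooks.example.com:80" as userinfo and the client connects
# to 169.254.169.254.
def allowed_by_prefix?(url)
  ALLOWED_HOSTS.any? { |h| url.start_with?("http://#{h}", "https://#{h}") }
end

# What the request layer will actually connect to.
def host_seen_by_client(url)
  URI.parse(url).host
rescue URI::InvalidURIError
  nil
end

# Hardened: parse once with the client's parser, validate the parsed
# object (scheme, no userinfo, exact host match), resolve it, reject
# non-public addresses, and return that same object for the request.
def safe_target(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url)
  return nil unless uri.is_a?(URI::HTTP)     # URI::HTTPS is a subclass
  return nil unless uri.userinfo.nil?
  return nil unless ALLOWED_HOSTS.include?(uri.host)
  ips = resolver.call(uri.host).map { |a| IPAddr.new(a) }
  return nil if ips.empty?
  return nil if ips.any? { |ip| BLOCKED_RANGES.any? { |r| r.include?(ip) } }
  uri
rescue URI::InvalidURIError, IPAddr::InvalidAddressError
  nil
end
```

Two caveats the check alone does not cover: connect to the address that was validated rather than resolving again (DNS rebinding), and do not follow redirects from the fetched host, since a redirect chain is the other route into the same internal service.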
CVE-2026-8606
A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...
CVE-2026-1355
GitHub Enterprise Server contains a Missing Authorization vulnerability in the repository migration upload endpoint. An authenticated attacker could supply a migration identifier to overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repo...
CVE-2026-7541
CVE-2026-7541 is a denial-of-service vulnerability in GitHub Enterprise Server. An unauthenticated attacker could trigger service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON bodies without siz...
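The denial-of-service shape above (small request, unbounded parser work) is worth seeing against a real parser. The Ruby below is an added example, not GitHub's code and not the affected endpoint; the byte and depth limits are assumed. It builds the nested payload, shows that a parse with depth checking disabled accepts it, and shows a bounded parse that rejects oversize bodies before parsing and lets the JSON parser enforce the depth limit.

```ruby
# Added example, not GitHub's code: bounding body size and nesting depth
# before parsing JSON on an unauthenticated endpoint. Limits are assumed.
require "json"

MAX_BODY_BYTES = 64 * 1024
MAX_DEPTH = 32

class PayloadTooLarge < StandardError; end
class PayloadTooDeep < StandardError; end

# Constructed attacker input: "[[[[...]]]]" nested far deeper than any
# legitimate request, tiny in bytes, expensive for a recursive parser.
def nested_array_payload(depth)
  "[" * depth + "]" * depth
end

# Unbounded parse. Ruby's JSON defaults to 100 levels; passing
# max_nesting: false turns the check off, which is the failure mode here.
def parse_unbounded(body)
  JSON.parse(body, max_nesting: false)
end

# Bounded parse: reject oversize bodies before the parser sees them, then
# have the parser enforce depth. Both limits fail closed.
def parse_bounded(body)
  raise PayloadTooLarge if body.bytesize > MAX_BODY_BYTES
  JSON.parse(body, max_nesting: MAX_DEPTH)
rescue JSON::NestingError
  raise PayloadTooDeep
end
```

Depth is the limit that matters for this class: a flat 64 KiB array is cheap, while a few hundred bytes of brackets can exhaust a recursive parser's stack, so a size cap alone is not enough.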
CVE-2025-14046
CVE-2025-14046 affects GitHub Enterprise Server; improper input neutralization allows user-supplied HTML to inject DOM elements with conflicting IDs, shadowing server-initialized data islands and causing unintended server-side POST requests or other unauthorized backend interactions. Exploitation...
CVE-2026-5921
CVE-2026-5921 describes a server-side request forgery (SSRF) in GitHub Enterprise Server. The notebook rendering service can be reached via an open redirect chain when private mode is disabled, allowing an unauthenticated SSRF to internal services. A timing side-channel across a regex-filtered in...
CVE-2026-8106
CVE-2026-8106 describes a reflected HTML injection in the GitHub Enterprise Server Management Console login page. The vulnerability lies in the redirect_to query parameter on the /setup/unlock endpoint, which is reflected into an HTML attribute without proper sanitization. An attacker could entic...
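For the reflected attribute injection above, the Ruby below is an added example, not GitHub's code and not the Management Console template; the input markup and the sample payload are constructed for illustration. It shows the unescaped reflection beside the attribute-escaped one, and separately a check that the redirect destination is a local path, since escaping alone does not stop an open redirect.

```ruby
# Added example, not GitHub's code: a redirect_to parameter reflected into
# an HTML attribute, unescaped versus escaped, plus a local-path check.
# The input markup and sample payload are constructed for illustration.
require "erb"
require "uri"

# Vulnerable: raw interpolation. A double quote in the value closes the
# attribute and everything after it is parsed as markup.
def hidden_field_unescaped(redirect_to)
  %(<input type="hidden" name="redirect_to" value="#{redirect_to}">)
end

# Fixed: attribute-escape the value. ERB::Util.html_escape encodes
# & < > " and ', so the attribute cannot be terminated early.
def hidden_field_escaped(redirect_to)
  %(<input type="hidden" name="redirect_to" value="#{ERB::Util.html_escape(redirect_to)}">)
end

# A separate question from escaping: is the destination local? Accept only
# a path that starts with a single "/" and carries no scheme or host.
def local_redirect?(redirect_to)
  return false unless redirect_to.start_with?("/")
  return false if redirect_to.start_with?("//", "/\\")   # protocol-relative forms
  uri = URI.parse(redirect_to)
  uri.scheme.nil? && uri.host.nil?
rescue URI::InvalidURIError
  false
end
```

Escape at the point of output in the attribute context, and validate the value at the point of use; doing only one leaves either the injection or the redirect open.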
CVE-2025-11578
CVE-2025-11578 is a privilege-escalation vulnerability in GitHub Enterprise Server. An authenticated Enterprise admin could abuse a symlink escape in pre-receive hook environments to replace system binaries during hook cleanup and inject their SSH key into root’s authorized_keys, enabling root SS...
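The symlink escape above is a write-side problem: a privileged cleanup step writes into a directory the lower-privileged party controls, and a planted symlink turns that write into a write on an arbitrary system file. The Ruby below is an added example, not GitHub's code and not the pre-receive hook environment; the directory layout, file names and the "restore a pristine file" step are assumed for illustration. It shows the naive write beside one that checks the parent directory's real location, refuses a symlink at the final component, and opens with O_NOFOLLOW so the check cannot be raced.

```ruby
# Added example, not GitHub's code: a privileged cleanup/restore step that
# writes into a per-hook working directory without following symlinks out
# of it. Layout and file names are assumed for illustration.
require "fileutils"
require "tmpdir"

# Vulnerable: File.write opens with O_TRUNC and follows a symlink at the
# destination, so content lands in whatever the link points at.
def naive_restore(workdir, rel, content)
  File.write(File.join(workdir, rel), content)
end

# Hardened: parent must really live inside the workdir, the target must
# not be a symlink, and the open itself refuses to follow one (O_NOFOLLOW)
# so a link planted between check and open fails with ELOOP.
def safe_restore(workdir, rel, content)
  root = File.realpath(workdir)
  dest = File.expand_path(rel, root)
  parent = File.dirname(dest)
  return false unless File.directory?(parent)
  real_parent = File.realpath(parent)
  return false unless real_parent == root || real_parent.start_with?(root + File::SEPARATOR)
  return false if File.symlink?(dest)
  flags = File::WRONLY | File::CREAT | File::TRUNC
  flags |= File::NOFOLLOW if File.const_defined?(:NOFOLLOW)
  File.open(dest, flags, 0o644) { |f| f.write(content) }
  true
rescue Errno::ELOOP, Errno::ENOENT
  false
end
```

The realpath check on the parent handles a symlinked directory component; O_NOFOLLOW handles the final component, including the race the lstat check alone would leave open. A cleanup that deletes rather than writes has the same hazard in reverse and should use lstat-based traversal that never descends through links.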