Lucene search
K
GithubEnterprise Server

115 matches found

CVE
CVE
added 2026/04/21 10:23 p.m.18 views

CVE-2026-3307

GitHub Enterprise Server vulnerability CVE-2026-3307 allows an admin on one repository to modify the secret scanning push protection delegated bypass reviewers for another repository by changing the owner_id in the request body. Authorization is checked against the URL repository, but the action ...

5.3CVSS5.9AI score0.0027EPSS
CVE
CVE
added 2026/04/21 10:42 p.m.18 views

CVE-2026-5845

Summary: CVE-2026-5845 affects GitHub Enterprise Server versions prior to 3.21, due to an improper authorization fallback in scoped user-to-server (ghu_) token handling. An authenticated attacker could access private repositories outside the intended installation scope, potentially including writ...

9.6CVSS5.8AI score0.0023EPSS
CVE
CVE
added 2025/12/11 5:52 p.m.17 views

CVE-2025-14046

CVE-2025-14046 affects GitHub Enterprise Server; improper input neutralization allows user-supplied HTML to inject DOM elements with conflicting IDs, shadowing server-initialized data islands and causing unintended server-side POST requests or other unauthorized backend interactions. Exploitation...

8.6CVSS6AI score0.0032EPSS
CVE
CVE
added 2026/04/21 10:12 p.m.16 views

CVE-2026-5512

CVE-2026-5512 describes an improper authorization vulnerability in GitHub Enterprise Server where an authenticated attacker could determine private repository names by numeric ID via the mobile upload policy API endpoint. The issue arises from a failure to perform an early authorization check and...

5.3CVSS5.8AI score0.00296EPSS
CVE
CVE
added 2026/05/07 9:14 p.m.16 views

CVE-2026-6736

CVE-2026-6736 describes an authentication bypass in GitHub Enterprise Server (GHES) : when external authentication is enabled, the signup endpoint could create a local user account and establish a session without validating the external identity provider. This unauthenticated access required netw...

6.5CVSS5.8AI score0.00266EPSS
CVE
CVE
added 2025/11/10 10:44 p.m.15 views

CVE-2025-11578

CVE-2025-11578 is a privilege-escalation vulnerability in GitHub Enterprise Server. An authenticated Enterprise admin could abuse a symlink escape in pre-receive hook environments to replace system binaries during hook cleanup and inject their SSH key into root’s authorized_keys, enabling root SS...

7.5CVSS6.9AI score0.00584EPSS
CVE
CVE
added 2026/02/18 8:44 p.m.15 views

CVE-2026-1999

CVE-2026-1999 affects GitHub Enterprise Server and is an incorrect authorization vulnerability in the enable_auto_merge mutation for pull requests. An attacker could merge their own PR into a repository without push access under specific conditions: the repository must allow forking, a clean PR s...

7.1CVSS5.9AI score0.00235EPSS
CVE
CVE
added 2025/11/10 10:43 p.m.14 views

CVE-2025-11892

GitHub Enterprise Server is affected by CVE-2025-11892: an improper neutralization of input leads to DOM-based cross-site scripting via the Issues search label filter, enabling privilege escalation and unauthorized workflow triggers. Exploitation requires user interaction and access to a target s...

9.6CVSS5.9AI score0.00563EPSS
CVE
CVE
added 2026/03/10 6:56 p.m.13 views

CVE-2026-3582

CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...

5.3CVSS5.8AI score0.00248EPSS
CVE
CVE
added 3 days ago13 views

CVE-2026-9132

CVE-2026-9132 describes a missing authorization flaw in GitHub Enterprise Server where an authenticated user could read source code from private repositories via the Copilot pull request description diff summary endpoint. The vulnerability allowed a user with read access to at least one repositor...

6.5CVSS5.9AI score0.00284EPSS
CVE
CVE
added 2026/01/06 8:44 p.m.12 views

CVE-2025-13744

CVE-2025-13744 affects GitHub Enterprise Server. The issue is an Improper Neutralization of Input During Web Page Generation in the Filter (search) component, allowing attacker-controlled HTML to be rendered across GitHub and potentially exfiltrate sensitive information. An attacker must have per...

8.4CVSS6AI score0.00182EPSS
CVE
CVE
added 2026/02/18 8:37 p.m.11 views

CVE-2026-0573

CVE-2026-0573 affects GitHub Enterprise Server. The repository_pages API insecurely follows HTTP redirects when fetching artifact URLs, preserving the Authorization header containing a privileged JWT. An authenticated user could redirect requests to an attacker-controlled domain, exfiltrate the A...

9CVSS6.2AI score0.00645EPSS
CVE
CVE
added 3 days ago10 views

CVE-2026-10585

CVE-2026-10585 describes a stored XSS in GitHub Enterprise Server where an authenticated attacker could execute JavaScript in another user’s browser by injecting a crafted payload into a Discussion title in the Q&A category. The vulnerability stems from the AnsweredQuestionStructuredDataComponent...

6.3CVSS5.9AI score0.00292EPSS
CVE
CVE
added 2026/03/10 6:55 p.m.10 views

CVE-2026-2266

CVE-2026-2266 : In GitHub Enterprise Server, there is a DOM-based cross-site scripting vulnerability caused by improper neutralization of input in the task list content rendering. Authenticated users can craft malicious task list items in issues or pull requests to inject user-supplied HTML and e...

7.4CVSS5.9AI score0.00176EPSS
CVE
CVE
added 3 days ago8 views

CVE-2026-9106

The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...

5.5CVSS5.8AI score0.0032EPSS
Total number of security vulnerabilities115