22 matches found
CVE-2026-3854
CVE-2026-3854 describes an RCE vulnerability in GitHub Enterprise Server arising during git push option handling. An attacker with push access could abuse unsanitized user-supplied push option values that are incorporated into internal service headers; because the header format uses a delimiter t...
CVE-2026-9312
CVE-2026-9312 – GitHub Enterprise Server SSRF : An unauthenticated attacker could exploit insufficient input validation in an upload endpoint to inject path traversal and redirect internal API calls, potentially accessing internal services and sensitive credentials. Affected: all GitHub Enterpris...
CVE-2026-8606
A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...
CVE-2026-8034
CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...
CVE-2026-4296
CVE-2026-4296 concerns an incorrect regular expression vulnerability in GitHub Enterprise Server that bypasses the OAuth redirect URI validation. An attacker who knows a first-party OAuth app’s registered callback URL could craft a malicious authorization link that, when clicked by a victim, redi...
CVE-2026-7541
CVE-2026-7541 is a denial-of-service vulnerability in GitHub Enterprise Server. An unauthenticated attacker could trigger service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON bodies without siz...
CVE-2026-1355
GitHub Enterprise Server contains a Missing Authorization vulnerability in the repository migration upload endpoint. An authenticated attacker could supply a migration identifier to overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repo...
CVE-2026-5921
CVE-2026-5921 describes a server-side request forgery (SSRF) in GitHub Enterprise Server. The notebook rendering service can be reached via an open redirect chain when private mode is disabled, allowing an unauthenticated SSRF to internal services. A timing side-channel across a regex-filtered in...
CVE-2026-3306
CVE-2026-3306 describes an improper authorization in GitHub Enterprise Server where a user with read access to a repository and write access to a project could modify issue and pull request metadata via the project without repository write permissions being verified during column value updates. T...
CVE-2026-3307
GitHub Enterprise Server vulnerability CVE-2026-3307 allows an admin on one repository to modify the secret scanning push protection delegated bypass reviewers for another repository by changing the owner_id in the request body. Authorization is checked against the URL repository, but the action ...
CVE-2026-5845
Summary: CVE-2026-5845 affects GitHub Enterprise Server versions prior to 3.21, due to an improper authorization fallback in scoped user-to-server (ghu_) token handling. An authenticated attacker could access private repositories outside the intended installation scope, potentially including writ...
CVE-2026-5512
CVE-2026-5512 describes an improper authorization vulnerability in GitHub Enterprise Server where an authenticated attacker could determine private repository names by numeric ID via the mobile upload policy API endpoint. The issue arises from a failure to perform an early authorization check and...
CVE-2026-9132
CVE-2026-9132 describes a missing authorization flaw in GitHub Enterprise Server where an authenticated user could read source code from private repositories via the Copilot pull request description diff summary endpoint. The vulnerability allowed a user with read access to at least one repositor...
CVE-2026-1999
CVE-2026-1999 affects GitHub Enterprise Server and is an incorrect authorization vulnerability in the enable_auto_merge mutation for pull requests. An attacker could merge their own PR into a repository without push access under specific conditions: the repository must allow forking, a clean PR s...
CVE-2026-10585
CVE-2026-10585 describes a stored XSS in GitHub Enterprise Server where an authenticated attacker could execute JavaScript in another user’s browser by injecting a crafted payload into a Discussion title in the Q&A category. The vulnerability stems from the AnsweredQuestionStructuredDataComponent...
CVE-2026-6736
CVE-2026-6736 describes an authentication bypass in GitHub Enterprise Server (GHES) : when external authentication is enabled, the signup endpoint could create a local user account and establish a session without validating the external identity provider. This unauthenticated access required netw...
CVE-2026-3582
CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...
CVE-2025-13744
CVE-2025-13744 affects GitHub Enterprise Server. The issue is an Improper Neutralization of Input During Web Page Generation in the Filter (search) component, allowing attacker-controlled HTML to be rendered across GitHub and potentially exfiltrate sensitive information. An attacker must have per...
CVE-2026-0573
CVE-2026-0573 affects GitHub Enterprise Server. The repository_pages API insecurely follows HTTP redirects when fetching artifact URLs, preserving the Authorization header containing a privileged JWT. An authenticated user could redirect requests to an attacker-controlled domain, exfiltrate the A...
CVE-2026-9106
The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...
CVE-2026-14340
GitHub Enterprise Server (GitHub ES) suffers an incorrect authorization vulnerability (CVE-2026-14340) where a user-to-server token scoped to a GitHub App installation could perform write operations on public repositories outside the token’s scope. The root cause is an authorization check that on...
CVE-2026-2266
CVE-2026-2266 : In GitHub Enterprise Server, there is a DOM-based cross-site scripting vulnerability caused by improper neutralization of input in the task list content rendering. Authenticated users can craft malicious task list items in issues or pull requests to inject user-supplied HTML and e...