Enterprise Server Security Vulnerabilities and Issues — Enterprise Server CVE List

Lucene search

GithubEnterprise Server

8 matches found

CVE•added 2025/01/21 7:15 p.m.•2280 views

CVE-2025-23369

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vul...

8.8CVSS6.4AI score0.07751EPSS

CVE•added 2025/04/17 11:15 p.m.•484 views

CVE-2025-3509

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically a...

7.2CVSS7.9AI score0.00258EPSS

CVE•added 2025/04/17 11:15 p.m.•60 views

CVE-2025-3124

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only usin...

5.3CVSS6.2AI score0.00028EPSS

CVE•added 2025/04/17 11:15 p.m.•50 views

CVE-2025-3246

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used $$..$$ math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the malic...

8.6CVSS5.9AI score0.00022EPSS

CVE•added 2025/01/29 7:15 p.m.•45 views

CVE-2024-10001

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including authentica...

7.1CVSS7.2AI score0.00101EPSS

CVE•added 2025/07/01 7:15 p.m.•13 views

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpo...

6.3CVSS6.4AI score0.00025EPSS

CVE•added 2025/07/15 9:15 p.m.•11 views

CVE-2025-6981

An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of Gi...

5.3CVSS6.2AI score0.00034EPSS

CVE•added 2025/08/26 2:15 a.m.•9 views

CVE-2025-8447

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the na...

7CVSS7.1AI score0.00019EPSS