Github

Enterprise Server

117 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.22%
  • Veröffentlicht 01.07.2026 21:03:00
  • Zuletzt bearbeitet 06.07.2026 17:17:56

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope....

  • EPSS 0.29%
  • Veröffentlicht 30.06.2026 21:39:02
  • Zuletzt bearbeitet 02.07.2026 15:33:48

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in t...

  • EPSS 0.28%
  • Veröffentlicht 30.06.2026 20:23:37
  • Zuletzt bearbeitet 02.07.2026 15:35:27

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoi...

  • EPSS 0.32%
  • Veröffentlicht 30.06.2026 20:21:12
  • Zuletzt bearbeitet 02.07.2026 15:41:11

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application reques...

Medienbericht
  • EPSS 6.55%
  • Veröffentlicht 27.05.2026 00:16:39
  • Zuletzt bearbeitet 30.06.2026 21:16:31

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By...

  • EPSS 0.39%
  • Veröffentlicht 27.05.2026 00:16:37
  • Zuletzt bearbeitet 01.06.2026 18:33:07

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing re...

  • EPSS 0.16%
  • Veröffentlicht 07.05.2026 21:18:59
  • Zuletzt bearbeitet 11.05.2026 17:12:47

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirect_to query parameter on the /setup/unlock endpoint was reflected into an HTML attribut...

  • EPSS 0.38%
  • Veröffentlicht 07.05.2026 21:18:49
  • Zuletzt bearbeitet 11.05.2026 17:18:27

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP reques...

  • EPSS 0.39%
  • Veröffentlicht 07.05.2026 21:18:35
  • Zuletzt bearbeitet 11.05.2026 17:19:36

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The end...

  • EPSS 0.27%
  • Veröffentlicht 07.05.2026 21:14:33
  • Zuletzt bearbeitet 11.05.2026 17:20:51

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, ...