CVE-2026-5845
- EPSS 0.23%
- Veröffentlicht 21.04.2026 22:42:13
- Zuletzt bearbeitet 29.04.2026 12:30:18
An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write o...
CVE-2026-3307
- EPSS 0.27%
- Veröffentlicht 21.04.2026 22:23:25
- Zuletzt bearbeitet 29.04.2026 12:47:57
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipu...
CVE-2026-5512
- EPSS 0.3%
- Veröffentlicht 21.04.2026 22:12:58
- Zuletzt bearbeitet 29.04.2026 12:35:08
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an ear...
CVE-2026-4296
- EPSS 0.32%
- Veröffentlicht 21.04.2026 22:12:45
- Zuletzt bearbeitet 29.04.2026 12:39:18
An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could c...
CVE-2026-4821
- EPSS 0.01%
- Veröffentlicht 21.04.2026 22:12:26
- Zuletzt bearbeitet 10.06.2026 05:16:53
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error.
CVE-2026-5921
- EPSS 0.33%
- Veröffentlicht 21.04.2026 22:11:02
- Zuletzt bearbeitet 28.04.2026 20:43:12
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering se...
CVE-2026-3582
- EPSS 0.25%
- Veröffentlicht 10.03.2026 18:56:56
- Zuletzt bearbeitet 12.03.2026 18:42:24
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token (PAT) lacking the repo scope to retrieve issues and commits from private and internal reposito...
CVE-2026-2266
- EPSS 0.18%
- Veröffentlicht 10.03.2026 18:55:38
- Zuletzt bearbeitet 12.03.2026 18:43:27
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nod...
CVE-2026-3306
- EPSS 0.32%
- Veröffentlicht 10.03.2026 17:46:57
- Zuletzt bearbeitet 12.03.2026 18:46:22
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item t...
CVE-2026-3854
- EPSS 24.46%
- Veröffentlicht 10.03.2026 17:37:34
- Zuletzt bearbeitet 28.04.2026 19:37:39
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supp...