Github

Enterprise Server

117 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.29%
  • Veröffentlicht 17.04.2025 22:50:22
  • Zuletzt bearbeitet 05.09.2025 15:00:02

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server ins...

  • EPSS 1.23%
  • Veröffentlicht 17.04.2025 22:50:18
  • Zuletzt bearbeitet 05.09.2025 14:59:50

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromis...

  • EPSS 0.41%
  • Veröffentlicht 17.04.2025 22:50:14
  • Zuletzt bearbeitet 05.09.2025 15:00:04

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Securi...

  • EPSS 0.37%
  • Veröffentlicht 29.01.2025 19:15:18
  • Zuletzt bearbeitet 05.09.2025 15:00:06

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive d...

  • EPSS 1.55%
  • Veröffentlicht 21.01.2025 19:15:12
  • Zuletzt bearbeitet 05.09.2025 15:00:09

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not al...

  • EPSS 0.43%
  • Veröffentlicht 07.11.2024 22:15:21
  • Zuletzt bearbeitet 27.08.2025 16:33:25

A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. Th...

  • EPSS 0.34%
  • Veröffentlicht 07.11.2024 22:15:20
  • Zuletzt bearbeitet 27.08.2025 16:27:58

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organiza...

  • EPSS 0.85%
  • Veröffentlicht 07.11.2024 21:15:06
  • Zuletzt bearbeitet 27.08.2025 16:32:40

A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator acces...

  • EPSS 0.62%
  • Veröffentlicht 11.10.2024 18:15:08
  • Zuletzt bearbeitet 15.11.2024 17:15:06

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing ph...

  • EPSS 22.44%
  • Veröffentlicht 10.10.2024 22:15:11
  • Zuletzt bearbeitet 15.11.2024 16:57:10

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation ...