Vulnerabilities in github

139 results
CVE-2021-22870: Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access (EPSS 1.1%)
CVE-2022-23741 (HIGH): Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access (EPSS 1.1%)
CVE-2024-3684 (HIGH): Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console (EPSS 1.1%)
CVE-2022-24722 (HIGH): Cross-site Scripting in view_component (EPSS 1.1%)
CVE-2020-10517: Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names (EPSS 1.1%)
CVE-2021-22866: UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources (EPSS 1.0%)
CVE-2023-23760 (MEDIUM): Path traversal in GitHub Enterprise Server leading to remote code execution (EPSS 1.0%)
CVE-2023-26485 (MEDIUM): Quadratic complexity may lead to a denial of service in cmark-gfm (EPSS 1.0%)
CVE-2023-24824 (MEDIUM): Quadratic complexity may lead to a denial of service in cmark-gfm (EPSS 1.0%)
CVE-2022-31026 (MEDIUM): Use of Uninitialized Variable in trilogy (EPSS 1.0%)
CVE-2021-22863: Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests (EPSS 1.0%)
CVE-2023-22484 (LOW): Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service (EPSS 1.0%)
CVE-2023-22483 (LOW): cmark-gfm Quadratic complexity bugs may lead to a denial of service (EPSS 0.9%)
CVE-2021-22861: Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories (EPSS 0.9%)
CVE-2021-22868: Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server (EPSS 0.9%)
CVE-2025-24362 (HIGH): CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts (EPSS 0.9%)
CVE-2024-5746 (HIGH): A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator (EPSS 0.9%)
CVE-2024-10007 (HIGH): Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation (EPSS 0.8%)
CVE-2023-22381 (MEDIUM): Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions (EPSS 0.8%)
CVE-2023-6847 (HIGH): Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data (EPSS 0.8%)