Enterprise Server — Vulnerabilities & Security Advisories 78

All 78 CVE vulnerabilities found in Enterprise Server, with AI-generated Chinese analysis, references, and POCs.

This page details Common Vulnerabilities and Exposures (CVE) weaknesses associated with Enterprise Server. It aggregates known security flaws, misconfigurations, and software bugs affecting the Enterprise Server product line, spanning from early 2020 to the present. Users can leverage this resource to track vendor advisories for the platform, understand the characteristics and impact of specific weakness classes, and look up the product's vulnerability history to assess risk over time. The data is curated to provide a comprehensive view of the security posture of Enterprise Server, highlighting critical issues that may impact enterprise operations. By consolidating information from various sources, this aggregation enables security professionals, system administrators, and compliance officers to maintain an accurate and up-to-date inventory of known vulnerabilities. The page emphasizes clarity and accessibility, ensuring that relevant technical details are available without unnecessary complexity. This approach supports informed decision-making regarding patch management, risk mitigation, and security monitoring. The content is regularly updated to reflect the latest findings and vendor disclosures. It serves as a central reference point for understanding the threat landscape surrounding Enterprise Server, helping organizations prioritize remediation efforts based on severity and exposure. This resource is intended for technical audiences who require precise and actionable security intelligence.

Vendor: GitHub

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-14340 | An incorrect authorization vulnerability in GitHub Enterprise Server allows issue creation in unrelated public repositories | CWE-863 | - | - | 2026-07-01 |
| CVE-2026-10585 | Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category | CWE-79 | - | - | 2026-06-30 |
| CVE-2026-9132 | Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint | CWE-862 | - | - | 2026-06-30 |
| CVE-2026-9106 | UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen | CWE-451 | - | - | 2026-06-30 |
| CVE-2026-9312 | Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint | CWE-918 | - | - | 2026-05-27 |
| CVE-2026-8606 | Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint | CWE-918 | - | - | 2026-05-26 |
| CVE-2026-8106 | Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-8034 | Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion | CWE-918 | 8.2 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-7541 | Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint | CWE-770 | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-6736 | Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider | CWE-306 | 6.5 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-5845 | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | CWE-639 | 8.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-3307 | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | CWE-639 | 2.7 (AI) | Low (AI) | 2026-04-21 |
| CVE-2026-5512 | Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API | CWE-201 | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | CWE-185 | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | CWE-918 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-3582 | Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope | CWE-862 | 6.5 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-2266 | Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3306 | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | CWE-639 | 4.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3854 | Remote code execution via git push option injection in GitHub Enterprise Server | CWE-77 | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-1999 | Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests | CWE-863 | 7.5 | - | 2026-02-18 |
| CVE-2026-1355 | Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports | CWE-862 | 7.3 | - | 2026-02-18 |
| CVE-2026-0573 | Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Server that allowed leaking of authorization token and enabled remote code execution | CWE-601 | 7.3 | - | 2026-02-18 |
| CVE-2025-13744 | Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML | CWE-79 | 5.4 | - | 2026-01-06 |
| CVE-2025-14046 | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests | CWE-79 | 4.6 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-11578 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | CWE-59 | 7.2 | - | 2025-11-10 |
| CVE-2025-11892 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers | CWE-79 | 6.1 | - | 2025-11-10 |
| CVE-2025-8447 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | CWE-639 | 3.1 (AI) | Low (AI) | 2025-08-26 |
| CVE-2025-6981 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access | CWE-863 | 7.5 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-3509 | Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation | CWE-94 | 6.6 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2025-3124 | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names | CWE-862 | 4.3 (AI) | Medium (AI) | 2025-04-17 |

All 78 known CVE vulnerabilities affecting Enterprise Server with full Chinese analysis, references, and POCs where available.