
GitHub — Vulnerabilities & Security Advisories (135)

Browse all 135 CVE security advisories affecting GitHub products. Each entry carries AI-powered Chinese analysis, available PoCs, and references.

GitHub is a cloud-hosted platform for version control and collaborative software development that hosts Git repositories for millions of developers, and its self-hosted edition, GitHub Enterprise Server, runs the same application stack inside customer networks. The advisories collected here cover both that product and several open-source libraries GitHub maintains, such as the cmark-gfm Markdown parser, the trilogy MySQL client, and the view_component Rails library. The vulnerability classes that recur in the list are path traversal during GitHub Pages site builds that escalates to remote code execution on Enterprise Server, incorrect authorization in token and GraphQL API handling that lets a scoped token reach admin or workflow-write privileges, and quadratic-complexity denial of service in cmark-gfm, alongside stored cross-site scripting and unsafe deserialization. With 135 recorded CVEs, the platform has faced sustained scrutiny; the most consequential incident of this period was the April 2022 theft of OAuth user tokens issued to the Heroku and Travis CI integrations, which attackers used to download private repositories from dozens of organizations, including npm. That case shows the supply-chain exposure of centralized code hosting: compromising one integration partner reaches every repository its tokens can read. GitHub's scale and its role as infrastructure for global software development make it a high-value target, so operators of Enterprise Server in particular should track these advisories and apply the patched releases promptly, and every organization should audit which third-party OAuth apps hold tokens to its repositories.

CVSS is the base score; Severity is shown as "-" where the listing carries no qualitative rating.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2023-24824 | Quadratic complexity may lead to a denial of service in cmark-gfm | cmark-gfm | CWE-400 | 5.3 | Medium | 2023-03-31
CVE-2023-26485 | Quadratic complexity may lead to a denial of service in cmark-gfm | cmark-gfm | CWE-400 | 5.3 | Medium | 2023-03-31
CVE-2023-23760 | Path traversal in GitHub Enterprise Server leading to remote code execution | Enterprise Server | CWE-22 | 4.9 | Medium | 2023-03-08
CVE-2022-46257 | Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names | GitHub Enterprise Server | CWE-200 | 6.5 | - | 2023-03-07
CVE-2023-22381 | Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions | Enterprise Server | CWE-94 | 4.1 | Medium | 2023-03-02
CVE-2023-22380 | Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site | GitHub Enterprise Server | CWE-22 | 6.5 | - | 2023-02-16
CVE-2023-22486 | cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service | cmark-gfm | CWE-400 | 3.5 | Low | 2023-01-24
CVE-2023-22485 | cmark-gfm out-of-bounds read in validate_protocol | cmark-gfm | CWE-125 | 5.3 | Medium | 2023-01-24
CVE-2023-22484 | Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service | cmark-gfm | CWE-400 | 3.5 | Low | 2023-01-23
CVE-2023-22483 | cmark-gfm Quadratic complexity bugs may lead to a denial of service | cmark-gfm | CWE-400 | 3.5 | Low | 2023-01-23
CVE-2022-23739 | Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens | GitHub Enterprise Server | CWE-863 | 7.8 | - | 2023-01-17
CVE-2022-46258 | Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope | GitHub Enterprise Server | CWE-863 | 6.5 | - | 2023-01-09
CVE-2022-23741 | Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access | GitHub Enterprise Server | CWE-863 | 7.2 | - | 2022-12-14
CVE-2022-46255 | Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE | GitHub Enterprise Server | CWE-22 | 9.8 | - | 2022-12-14
CVE-2022-46256 | Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages | GitHub Enterprise Server | CWE-22 | 8.8 | - | 2022-12-14
CVE-2022-23737 | Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion | GitHub Enterprise Server | CWE-269 | 6.5 | - | 2022-12-01
CVE-2022-23740 | Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution | GitHub Enterprise Server | CWE-88 | 8.8 | - | 2022-11-23
CVE-2022-23738 | Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files | GitHub Enterprise Server | CWE-200 | 5.7 | - | 2022-11-01
CVE-2022-23734 | Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution | GitHub Enterprise Server | CWE-502 | 8.8 | - | 2022-10-19
CVE-2022-39209 | Uncontrolled Resource Consumption in cmark-gfm | cmark-gfm | CWE-400 | 7.5 | High | 2022-09-15
CVE-2022-23733 | Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes | GitHub Enterprise Server | CWE-79 | 5.4 | - | 2022-08-02
CVE-2022-31026 | Use of Uninitialized Variable in trilogy | trilogy | CWE-908 | 5.9 | Medium | 2022-06-06
CVE-2022-23732 | Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections | GitHub Enterprise Server | CWE-23 | 8.8 | - | 2022-04-05
CVE-2022-24724 | Integer overflow in table parsing extension leads to heap memory corruption | cmark-gfm | CWE-190 | 8.8 | High | 2022-03-03
CVE-2022-24722 | Cross-site Scripting in view_component | view_component | CWE-79 | 8.1 | High | 2022-03-02
CVE-2021-41599 | Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution | GitHub Enterprise Server | CWE-77 | 8.8 | - | 2022-02-17
CVE-2021-41598 | UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user | GitHub Enterprise Server | CWE-451 | 8.8 | - | 2022-01-25
CVE-2021-22870 | Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access | GitHub Enterprise Server | CWE-23 | 6.5 | - | 2021-11-10
CVE-2021-22868 | Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server | GitHub Enterprise Server | CWE-77 | 6.5 | - | 2021-09-24
CVE-2021-22869 | Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group | GitHub Enterprise Server | CWE-668 | 9.8 | - | 2021-09-24
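Listings like this one are often exported with each row flattened onto a single line, with the title, product, CWE, CVSS score, severity and publication date run together and no delimiter between the last fields. The Python script below is an added example written for this page; it is not code from GitHub, from the listing site, or from any of the projects named above. It parses that flattened row format into structured records, derives a qualitative rating from the standard CVSS v3.x scale (None, Low, Medium, High, Critical) wherever the listing shows "-" and flags the rating as derived rather than published, and groups the advisories by product so an operator can see which entries affect GitHub Enterprise Server and which are confined to a library such as cmark-gfm. The sample rows are copied from this listing and embedded as constructed input; the product-name normalization that folds "Enterprise Server" into "GitHub Enterprise Server" is a heuristic assumption about this listing's naming, not something the data states.

```python
"""Parse a flattened CVE advisory listing into records and summarize it for triage."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: rows copied from the listing on this page in the
# flattened one-line form (title, product, CWE, score, severity and date run
# together). The first line is the column header and must be rejected.
SAMPLE_ROWS = """\
CVE IDTitleCVSSSeverityPublished
CVE-2023-24824 Quadratic complexity may lead to a denial of service in cmark-gfm \u2014 cmark-gfmCWE-400 5.3 Medium2023-03-31
CVE-2023-23760 Path traversal in GitHub Enterprise Server leading to remote code execution \u2014 Enterprise ServerCWE-22 4.9 Medium2023-03-08
CVE-2022-46257 Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names \u2014 GitHub Enterprise ServerCWE-200 6.5 -2023-03-07
CVE-2022-46255 Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE \u2014 GitHub Enterprise ServerCWE-22 9.8 -2022-12-14
CVE-2022-24724 Integer overflow in table parsing extension leads to heap memory corruption \u2014 cmark-gfmCWE-190 8.8 High2022-03-03
CVE-2022-31026 Use of Uninitialized Variable in trilogy \u2014 trilogyCWE-908 5.9 Medium2022-06-06
CVE-2021-22869 Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group \u2014 GitHub Enterprise ServerCWE-668 9.8 -2021-09-24
"""

# One flattened row: "<CVE> <title> <em dash> <product><CWE-n> <score> <severity or -><YYYY-MM-DD>"
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+\u2014\s+"
    r"(?P<product>.+?)(?P<cwe>CWE-\d+)\s+"
    r"(?P<score>\d{1,2}(?:\.\d)?)\s+"
    r"(?P<severity>Critical|High|Medium|Low|None|-)"
    r"(?P<published>\d{4}-\d{2}-\d{2})$"
)

# Assumption: the listing names one product two ways; fold them together.
PRODUCT_ALIASES = {"Enterprise Server": "GitHub Enterprise Server"}


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    product: str
    cwe: str
    score: float
    severity: str
    severity_derived: bool  # True when the listing showed "-" and we derived it
    published: str


def qualitative_severity(score: float) -> str:
    """CVSS v3.x rating: None 0.0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def parse_row(line: str) -> Optional[Advisory]:
    """Return an Advisory for one flattened row, or None for headers and junk."""
    m = ROW_RE.match(line.strip())
    if m is None:
        return None
    score = float(m["score"])
    derived = m["severity"] == "-"
    product = m["product"].strip()
    return Advisory(
        cve=m["cve"], title=m["title"], cwe=m["cwe"], score=score,
        product=PRODUCT_ALIASES.get(product, product),
        severity=qualitative_severity(score) if derived else m["severity"],
        severity_derived=derived, published=m["published"],
    )


def parse_listing(text: str) -> list[Advisory]:
    return [a for a in map(parse_row, text.splitlines()) if a is not None]


def summarize_by_product(advisories: list[Advisory]) -> dict[str, dict]:
    """Per product: advisory count, highest CVSS, and the CVE IDs scored High or Critical."""
    summary: dict[str, dict] = {}
    for a in advisories:
        entry = summary.setdefault(a.product, {"count": 0, "max_score": 0.0, "high_or_critical": []})
        entry["count"] += 1
        entry["max_score"] = max(entry["max_score"], a.score)
        if a.score >= 7.0:
            entry["high_or_critical"].append(a.cve)
    return summary


if __name__ == "__main__":
    advisories = parse_listing(SAMPLE_ROWS)
    for product, entry in sorted(summarize_by_product(advisories).items()):
        print(f"{product}: {entry['count']} advisories, max CVSS {entry['max_score']}, "
              f"high/critical: {', '.join(entry['high_or_critical']) or 'none'}")
    for a in advisories:
        if a.severity_derived:
            print(f"{a.cve}: no severity listed, derived {a.severity} from CVSS {a.score}")
```

The derived ratings are kept separate from published ones on purpose: a "-" in the listing may mean the vendor never assigned a qualitative rating, and a triage queue that silently promotes derived values to published ones loses that distinction. Run the file directly to print the per-product summary for the sample rows; feed it the full listing by replacing SAMPLE_ROWS with the exported text.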

This page lists every published CVE security advisory associated with GitHub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.