Browse all 135 CVE security advisories affecting GitHub. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GitHub operates as a cloud-based platform for version control and collaborative software development, primarily hosting Git repositories for millions of developers worldwide. Its extensive attack surface has historically exposed it to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation, often stemming from complex integrations and third-party dependencies. With 131 recorded CVEs, the platform has faced significant security challenges, most notably the 2021 incident where attackers compromised two-factor authentication tokens to access internal systems, leading to the theft of source code from major clients. These breaches underscore the risks associated with centralized code hosting and the potential for supply chain attacks. While GitHub employs rigorous security measures, its scale and role as infrastructure for global software development make it a high-value target, necessitating continuous vigilance against both external exploits and insider threats to maintain the integrity of the open-source ecosystem.
This page lists every published CVE security advisory associated with GitHub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.