
Github — Vulnerabilities & Security Advisories 135

Browse all 135 CVE security advisories affecting Github. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitHub operates as a cloud-based platform for version control and collaborative software development, primarily hosting Git repositories for millions of developers worldwide. Its extensive attack surface has historically exposed it to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation, often stemming from complex integrations and third-party dependencies. With 131 recorded CVEs, the platform has faced significant security challenges, most notably the 2021 incident where attackers compromised two-factor authentication tokens to access internal systems, leading to the theft of source code from major clients. These breaches underscore the risks associated with centralized code hosting and the potential for supply chain attacks. While GitHub employs rigorous security measures, its scale and role as infrastructure for global software development make it a high-value target, necessitating continuous vigilance against both external exploits and insider threats to maintain the integrity of the open-source ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-8106 | Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft | Enterprise Server | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-8034 | Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion | Enterprise Server | CWE-918 | 8.2 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-7541 | Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint | Enterprise Server | CWE-770 | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-6736 | Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider | Enterprise Server | CWE-306 | 6.5 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-5845 | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | Enterprise Server | CWE-639 | 8.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-3307 | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | Enterprise Server | CWE-639 | 2.7 (AI) | Low (AI) | 2026-04-21 |
| CVE-2026-5512 | Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API | Enterprise Server | CWE-201 | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | Enterprise Server | CWE-185 | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-4821 | Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API | Enterprise Server | CWE-78 | 7.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | Enterprise Server | CWE-918 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-3582 | Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope | Enterprise Server | CWE-862 | 6.5 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-2266 | Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection | Enterprise Server | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3306 | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | Enterprise Server | CWE-639 | 4.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3854 | Remote code execution via git push option injection in GitHub Enterprise Server | Enterprise Server | CWE-77 | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-29783 | GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution | copilot-cli | CWE-78 | 8.0 | - | 2026-03-06 |
| CVE-2018-25188 | Webiness Inventory 2.3 SQL Injection via WsModelGrid.php | Webiness Inventory | CWE-89 | 8.2 | High | 2026-03-06 |
| CVE-2026-1999 | Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests | Enterprise Server | CWE-863 | 7.5 | - | 2026-02-18 |
| CVE-2026-1355 | Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports | Enterprise Server | CWE-862 | 7.3 | - | 2026-02-18 |
| CVE-2026-0573 | Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Server that allowed leaking of authorization token and enabled remote code execution | Enterprise Server | CWE-601 | 7.3 | - | 2026-02-18 |
| CVE-2025-13744 | Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML | Enterprise Server | CWE-79 | 5.4 | - | 2026-01-06 |
| CVE-2025-14046 | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests | Enterprise Server | CWE-79 | 4.6 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-11578 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | Enterprise Server | CWE-59 | 7.2 | - | 2025-11-10 |
| CVE-2025-11892 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers | Enterprise Server | CWE-79 | 6.1 | - | 2025-11-10 |
| CVE-2025-8447 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | Enterprise Server | CWE-639 | 3.1 (AI) | Low (AI) | 2025-08-26 |
| CVE-2025-6981 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access | Enterprise Server | CWE-863 | 7.5 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-6600 | GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API | GitHub Enterprise Server | CWE-200 | 5.3 (AI) | Medium (AI) | 2025-07-01 |
| CVE-2025-3246 | Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers | GitHub Enterprise Server | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2025-3509 | Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation | Enterprise Server | CWE-94 | 6.6 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2025-3124 | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names | Enterprise Server | CWE-862 | 4.3 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2024-10001 | Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling | Enterprise Server | CWE-94 | 8.3 | - | 2025-01-29 |

Values marked (AI) carry the "AI" tag on the source listing; "-" means no severity was given.

This page lists every published CVE security advisory associated with Github. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.