Skip to main content

Enterprise Server

32 CVEs product

Monthly

CVE-2026-14340 MEDIUM This Month

Incorrect authorization in GitHub Enterprise Server allows an attacker who has obtained a victim's user-to-server token - issued by a GitHub App installation - to perform write operations on any public repository, regardless of whether that installation was explicitly granted access to the target repository. Affected installations span all GHES versions prior to 3.22, with fixes backported to six supported release trains. The CVSS 4.0 score is 5.3 (medium); no public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-10585 MEDIUM This Month

Stored cross-site scripting in GitHub Enterprise Server's Q&A Discussion feature allows an authenticated attacker to execute arbitrary JavaScript in any visiting user's browser by embedding a crafted payload into a Discussion title. The AnsweredQuestionStructuredDataComponent unsafely injects user-controlled titles into a server-rendered <script type="application/ld+json"> block, enabling script-context breakout; the attacker then leverages JSONP callback support in the GHES REST API to load arbitrary JavaScript and bypass the Content Security Policy entirely. No public exploit or CISA KEV listing exists at time of analysis, but the CSP bypass mechanism substantially elevates practical impact beyond typical stored XSS, enabling full session hijacking of any user who views the malicious Discussion.

XSS Enterprise Server
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-9132 MEDIUM This Month

Unauthorized source code disclosure in GitHub Enterprise Server exposes private repository contents to any authenticated user on the instance, regardless of their actual repository permissions. The Copilot pull request description diff summary endpoint accepted cross-repository comparison ranges and rendered the resulting diff without verifying the requesting user held read access to the target repository - a missing authorization flaw (CWE-862) allowing lateral access to arbitrary private repositories. No active exploitation has been confirmed (not in CISA KEV), the issue was responsibly disclosed via GitHub's Bug Bounty program, and patches are available across four release branches.

Authentication Bypass Enterprise Server
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.3%
CVE-2026-9106 MEDIUM This Month

OAuth scope concealment in GitHub Enterprise Server allows an attacker to obtain unauthorized control over an organization's GitHub Actions runner management by exploiting a missing scope disclosure on the authorization consent screen. The `manage_runners:org` OAuth scope, which governs CI/CD runner infrastructure, is never shown to the victim during the standard OAuth authorization flow, enabling a maliciously crafted OAuth application to acquire it without informed user consent. No public exploit or CISA KEV listing exists at time of analysis; the CVSS 4.0 score of 4.8 and mandatory user interaction (UI:A) correctly reflect the social-engineering dependency that constrains real-world exploitation.

Information Disclosure Enterprise Server
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-9312 CRITICAL PATCH Act Now

Server-side request forgery in GitHub Enterprise Server lets an unauthenticated attacker coerce the appliance into issuing crafted requests to internal services, reachable through an upload endpoint that fails to validate input. By injecting path-traversal content into request parameters, an attacker can redirect internal API calls to reach back-end services and harvest sensitive credentials. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 9.2 (Critical), though the vector flags high attack complexity and an extra attack requirement that temper real-world ease of exploitation.

Path Traversal SSRF Enterprise Server
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-8606 HIGH This Week

Server-Side Request Forgery in GitHub Enterprise Server lets an attacker coerce the appliance into issuing HTTP requests to internal services through the security advisories package-lookup feature, then use response-timing differences as an oracle to infer sensitive environment variables such as signing secrets and private keys. All versions prior to 3.21.1 are affected, and exploitation is unauthenticated on instances not running in private mode (GitHub Packages must be enabled), or available to any authenticated user otherwise. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 7.0.

SSRF Enterprise Server
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8106 MEDIUM This Month

Reflected HTML injection in GitHub Enterprise Server Management Console login page allows credential theft when administrators click crafted links. The /setup/unlock endpoint reflects the redirect_to query parameter into an HTML attribute without sanitization, enabling attackers to inject malicious form elements that capture credentials. Affects versions 3.19.1-3.19.5 and 3.20.0-3.20.1; fixed in 3.19.6 and 3.20.2. Exploitation requires user interaction (administrator clicking a link), limiting real-world impact despite network-accessible attack surface.

XSS Enterprise Server
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-8034 HIGH This Week

Server-side request forgery in GitHub Enterprise Server's notebook viewer enables remote unauthenticated attackers to access internal services and systems through URL parser confusion. The vulnerability exploits discrepancies between validation and request execution parsers, allowing crafted URLs to bypass hostname checks and target unintended internal hosts. All versions prior to 3.21 are affected, with patches available across supported release branches (3.16.18, 3.17.15, 3.18.9, 3.19.6, 3.20.2). CVSS 7.9 reflects high impact to subsequent system confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV); reported through GitHub Bug Bounty program.

SSRF Enterprise Server
NVD GitHub VulDB
CVSS 4.0
7.9
EPSS
0.0%
CVE-2026-7541 MEDIUM This Month

Denial of service in GitHub Enterprise Server allows unauthenticated remote attackers to disrupt service by sending deeply nested JSON payloads to an unprotected API endpoint, causing excessive CPU and memory consumption. Affected versions prior to 3.21 (specifically 3.16.0-3.20.1) lack request size and depth validation. Vendor-released patches available for all affected branches: 3.20.2, 3.19.6, 3.18.9, 3.17.15, and 3.16.18.

Denial Of Service Enterprise Server
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-6736 MEDIUM This Month

GitHub Enterprise Server versions prior to 3.21 contain an authentication bypass vulnerability that allows unauthenticated attackers to create local user accounts and establish sessions without validation by the configured external identity provider. The vulnerability affects instances with external authentication enabled, permitting account creation via the signup endpoint with default base permissions. Attack requires only network access and affects all affected versions across the 3.16-3.20 branch.

Authentication Bypass Enterprise Server
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-5845 HIGH PATCH This Week

An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that treated a revoked/deleted installation as a global installation context, which could be chained with token revocation timing and SSH push attribution to obtain and reuse a victim-scoped token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-5512 MEDIUM PATCH This Month

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messages included the full repository name for repositories the caller did not have access to. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-4821 HIGH PATCH This Week

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as http_proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and administrator privileges to the Management Console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.

Command Injection Enterprise Server
NVD GitHub VulDB
CVSS 4.0
8.1
EPSS
0.0%
CVE-2026-4296 HIGH PATCH This Week

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when clicked by a victim, would redirect the OAuth authorization code to an attacker-controlled domain. This could allow the attacker to gain unauthorized access to the victim's account with the scopes granted to the OAuth application. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2026-3307 MEDIUM This Month

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner_id parameter in the request body. Authorization was verified against the repository in the URL, but the action was applied to a different repository specified in the request body. The impact is limited to assigning existing trusted users as bypass reviewers; it does not allow adding arbitrary external users. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4 and 3.20.1. This vulnerability was reported via the GitHub Bug Bounty program.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-3582 MEDIUM This Month

GitHub Enterprise Server allows authenticated users with limited personal access tokens to access private and internal repository data through the search API if they already have some level of access to those repositories via organization membership or collaborator status. This authorization bypass affects versions prior to 3.20 and enables information disclosure despite the tokens lacking the necessary repository scope permissions. No patch is currently available for this MEDIUM severity vulnerability.

Github Enterprise Server
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2266 MEDIUM This Month

DOM-based XSS in GitHub Enterprise Server prior to version 3.20 allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by injecting malicious HTML through task list content in issues and pull requests. The vulnerability stems from improper input neutralization in the task list rendering logic, which fails to re-encode user-supplied content before display. An attacker with repository access could exploit this to steal session tokens or perform actions on behalf of other users.

XSS Github Enterprise Server
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-3854 HIGH POC This Week

Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.

RCE Command Injection Enterprise Server
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-3306 MEDIUM This Month

GitHub Enterprise Server allows users with read-only repository access and project write permissions to modify issue and pull request metadata by exploiting insufficient authorization checks when updating project items. An attacker with these limited permissions can alter sensitive metadata without the required repository write access, potentially disrupting workflow management and data integrity. This vulnerability affects multiple versions and currently has no publicly available patch.

Github Enterprise Server
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1999 HIGH This Week

GitHub Enterprise Server allows authenticated webhook administrators to bypass network restrictions through Server-Side Request Forgery, enabling access to internal services, job queues, and sensitive endpoints on loopback addresses. This affects all versions prior to 3.20 and requires valid credentials with webhook configuration privileges. No patch is currently available, and exploitation could lead to unauthorized data access or disruption of background job processing.

SSRF Enterprise Server
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-1355 MEDIUM This Month

GitHub Enterprise Server versions before 3.20 contain an authorization bypass in the repository migration upload endpoint that permits authenticated attackers to inject malicious content into other users' migration exports. An attacker can overwrite a victim's migration archive and cause them to download compromised repository data during restoration or automated imports. No patch is currently available, affecting all versions prior to 3.20.

Github Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0573 CRITICAL Act Now

URL redirection vulnerability in GitHub Enterprise Server allows attacker-controlled redirects through crafted URLs, potentially enabling credential theft via phishing.

RCE Github Enterprise Server
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-13744 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component (search) across GitHub that could be used to exfiltrate sensitive information. [CVSS 5.4 MEDIUM]

Github Enterprise Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-11892 HIGH This Month

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-11578 HIGH This Month

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-8447 HIGH This Month

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-6600 MEDIUM This Month

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-3509 HIGH This Week

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Code Injection Enterprise Server
NVD GitHub
CVSS 4.0
7.1
EPSS
2.3%
CVE-2025-3246 HIGH This Week

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Enterprise Server
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-3124 MEDIUM This Month

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-10001 HIGH This Month

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Code Injection Enterprise Server
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-23369 HIGH This Month

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 11.8% and no vendor patch available.

Authentication Bypass Jwt Attack Enterprise Server
NVD GitHub
CVSS 4.0
7.6
EPSS
11.8%
EPSS 0% CVSS 5.3
MEDIUM This Month

Incorrect authorization in GitHub Enterprise Server allows an attacker who has obtained a victim's user-to-server token - issued by a GitHub App installation - to perform write operations on any public repository, regardless of whether that installation was explicitly granted access to the target repository. Affected installations span all GHES versions prior to 3.22, with fixes backported to six supported release trains. The CVSS 4.0 score is 5.3 (medium); no public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass Enterprise Server
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

Stored cross-site scripting in GitHub Enterprise Server's Q&A Discussion feature allows an authenticated attacker to execute arbitrary JavaScript in any visiting user's browser by embedding a crafted payload into a Discussion title. The AnsweredQuestionStructuredDataComponent unsafely injects user-controlled titles into a server-rendered <script type="application/ld+json"> block, enabling script-context breakout; the attacker then leverages JSONP callback support in the GHES REST API to load arbitrary JavaScript and bypass the Content Security Policy entirely. No public exploit or CISA KEV listing exists at time of analysis, but the CSP bypass mechanism substantially elevates practical impact beyond typical stored XSS, enabling full session hijacking of any user who views the malicious Discussion.

XSS Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

Unauthorized source code disclosure in GitHub Enterprise Server exposes private repository contents to any authenticated user on the instance, regardless of their actual repository permissions. The Copilot pull request description diff summary endpoint accepted cross-repository comparison ranges and rendered the resulting diff without verifying the requesting user held read access to the target repository - a missing authorization flaw (CWE-862) allowing lateral access to arbitrary private repositories. No active exploitation has been confirmed (not in CISA KEV), the issue was responsibly disclosed via GitHub's Bug Bounty program, and patches are available across four release branches.

Authentication Bypass Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

OAuth scope concealment in GitHub Enterprise Server allows an attacker to obtain unauthorized control over an organization's GitHub Actions runner management by exploiting a missing scope disclosure on the authorization consent screen. The `manage_runners:org` OAuth scope, which governs CI/CD runner infrastructure, is never shown to the victim during the standard OAuth authorization flow, enabling a maliciously crafted OAuth application to acquire it without informed user consent. No public exploit or CISA KEV listing exists at time of analysis; the CVSS 4.0 score of 4.8 and mandatory user interaction (UI:A) correctly reflect the social-engineering dependency that constrains real-world exploitation.

Information Disclosure Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Server-side request forgery in GitHub Enterprise Server lets an unauthenticated attacker coerce the appliance into issuing crafted requests to internal services, reachable through an upload endpoint that fails to validate input. By injecting path-traversal content into request parameters, an attacker can redirect internal API calls to reach back-end services and harvest sensitive credentials. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 9.2 (Critical), though the vector flags high attack complexity and an extra attack requirement that temper real-world ease of exploitation.

Path Traversal SSRF Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH This Week

Server-Side Request Forgery in GitHub Enterprise Server lets an attacker coerce the appliance into issuing HTTP requests to internal services through the security advisories package-lookup feature, then use response-timing differences as an oracle to infer sensitive environment variables such as signing secrets and private keys. All versions prior to 3.21.1 are affected, and exploitation is unauthenticated on instances not running in private mode (GitHub Packages must be enabled), or available to any authenticated user otherwise. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 7.0.

SSRF Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Reflected HTML injection in GitHub Enterprise Server Management Console login page allows credential theft when administrators click crafted links. The /setup/unlock endpoint reflects the redirect_to query parameter into an HTML attribute without sanitization, enabling attackers to inject malicious form elements that capture credentials. Affects versions 3.19.1-3.19.5 and 3.20.0-3.20.1; fixed in 3.19.6 and 3.20.2. Exploitation requires user interaction (administrator clicking a link), limiting real-world impact despite network-accessible attack surface.

XSS Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 7.9
HIGH This Week

Server-side request forgery in GitHub Enterprise Server's notebook viewer enables remote unauthenticated attackers to access internal services and systems through URL parser confusion. The vulnerability exploits discrepancies between validation and request execution parsers, allowing crafted URLs to bypass hostname checks and target unintended internal hosts. All versions prior to 3.21 are affected, with patches available across supported release branches (3.16.18, 3.17.15, 3.18.9, 3.19.6, 3.20.2). CVSS 7.9 reflects high impact to subsequent system confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV); reported through GitHub Bug Bounty program.

SSRF Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Denial of service in GitHub Enterprise Server allows unauthenticated remote attackers to disrupt service by sending deeply nested JSON payloads to an unprotected API endpoint, causing excessive CPU and memory consumption. Affected versions prior to 3.21 (specifically 3.16.0-3.20.1) lack request size and depth validation. Vendor-released patches available for all affected branches: 3.20.2, 3.19.6, 3.18.9, 3.17.15, and 3.16.18.

Denial Of Service Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

GitHub Enterprise Server versions prior to 3.21 contain an authentication bypass vulnerability that allows unauthenticated attackers to create local user accounts and establish sessions without validation by the configured external identity provider. The vulnerability affects instances with external authentication enabled, permitting account creation via the signup endpoint with default base permissions. Attack requires only network access and affects all affected versions across the 3.16-3.20 branch.

Authentication Bypass Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that treated a revoked/deleted installation as a global installation context, which could be chained with token revocation timing and SSH push attribution to obtain and reuse a victim-scoped token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.

Authentication Bypass Enterprise Server
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messages included the full repository name for repositories the caller did not have access to. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.

Information Disclosure Enterprise Server
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as http_proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and administrator privileges to the Management Console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.

Command Injection Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when clicked by a victim, would redirect the OAuth authorization code to an attacker-controlled domain. This could allow the attacker to gain unauthorized access to the victim's account with the scopes granted to the OAuth application. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.

Authentication Bypass Enterprise Server
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner_id parameter in the request body. Authorization was verified against the repository in the URL, but the action was applied to a different repository specified in the request body. The impact is limited to assigning existing trusted users as bypass reviewers; it does not allow adding arbitrary external users. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4 and 3.20.1. This vulnerability was reported via the GitHub Bug Bounty program.

Authentication Bypass Enterprise Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

GitHub Enterprise Server allows authenticated users with limited personal access tokens to access private and internal repository data through the search API if they already have some level of access to those repositories via organization membership or collaborator status. This authorization bypass affects versions prior to 3.20 and enables information disclosure despite the tokens lacking the necessary repository scope permissions. No patch is currently available for this MEDIUM severity vulnerability.

Github Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

DOM-based XSS in GitHub Enterprise Server prior to version 3.20 allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by injecting malicious HTML through task list content in issues and pull requests. The vulnerability stems from improper input neutralization in the task list rendering logic, which fails to re-encode user-supplied content before display. An attacker with repository access could exploit this to steal session tokens or perform actions on behalf of other users.

XSS Github Enterprise Server
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH POC This Week

Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.

RCE Command Injection Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

GitHub Enterprise Server allows users with read-only repository access and project write permissions to modify issue and pull request metadata by exploiting insufficient authorization checks when updating project items. An attacker with these limited permissions can alter sensitive metadata without the required repository write access, potentially disrupting workflow management and data integrity. This vulnerability affects multiple versions and currently has no publicly available patch.

Github Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

GitHub Enterprise Server allows authenticated webhook administrators to bypass network restrictions through Server-Side Request Forgery, enabling access to internal services, job queues, and sensitive endpoints on loopback addresses. This affects all versions prior to 3.20 and requires valid credentials with webhook configuration privileges. No patch is currently available, and exploitation could lead to unauthorized data access or disruption of background job processing.

SSRF Enterprise Server
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

GitHub Enterprise Server versions before 3.20 contain an authorization bypass in the repository migration upload endpoint that permits authenticated attackers to inject malicious content into other users' migration exports. An attacker can overwrite a victim's migration archive and cause them to download compromised repository data during restoration or automated imports. No patch is currently available, affecting all versions prior to 3.20.

Github Enterprise Server
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

URL redirection vulnerability in GitHub Enterprise Server allows attacker-controlled redirects through crafted URLs, potentially enabling credential theft via phishing.

RCE Github Enterprise Server
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component (search) across GitHub that could be used to exfiltrate sensitive information. [CVSS 5.4 MEDIUM]

Github Enterprise Server
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Month

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation Enterprise Server
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Month

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.

Information Disclosure Enterprise Server
NVD GitHub
EPSS 2% CVSS 7.1
HIGH This Week

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Enterprise Server
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Month

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Code Injection +1
NVD GitHub
EPSS 12% CVSS 7.6
HIGH This Month

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 11.8% and no vendor patch available.

Authentication Bypass Jwt Attack Enterprise Server
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy