Vulnerabilities > GitHub
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-14 | CVE-2024-52308 | Command Injection vulnerability in GitHub CLI: GitHub CLI versions 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using the `gh codespace ssh` or `gh codespace logs` commands. | 9.6 |
2024-10-11 | CVE-2024-9539 | Unspecified vulnerability in GitHub Enterprise Server: An information disclosure vulnerability was identified in GitHub Enterprise Server via an attacker-uploaded asset URL, allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. | 4.3 |
2024-10-10 | CVE-2024-9487 | Improper Verification of Cryptographic Signature vulnerability in GitHub Enterprise Server: An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed, resulting in unauthorized provisioning of users and access to the instance. | 9.1 |
2024-09-23 | CVE-2024-8263 | Unspecified vulnerability in GitHub Enterprise Server: An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. | 2.7 |
2024-09-23 | CVE-2024-8770 | Cross-site Scripting vulnerability in GitHub Enterprise Server: A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | 6.1 |
2024-09-02 | CVE-2024-42471 | Path Traversal vulnerability in GitHub Actions/Artifact and Actions Toolkit: actions/artifact is the GitHub ToolKit for developing GitHub Actions. | 7.5 |
2024-08-20 | CVE-2024-6337 | Incorrect Authorization vulnerability in GitHub Enterprise Server: An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only `content: read` and `pull_request_write: write` permissions to read issue content inside a private repository. | 6.5 |
2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in GitHub Enterprise Server: An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |
2024-08-20 | CVE-2024-7711 | Incorrect Authorization vulnerability in GitHub Enterprise Server: An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. | 4.3 |
2024-07-16 | CVE-2024-5566 | Unspecified vulnerability in GitHub Enterprise Server: An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. | 6.5 |