Vulnerabilities > Github

DATE CVE VULNERABILITY TITLE RISK
2022-04-05 CVE-2022-23732 Path Traversal vulnerability in Github Enterprise Server
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections.
network
github CWE-22
6.8
2022-03-03 CVE-2022-24724 Integer Overflow or Wraparound vulnerability in multiple products
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark.
network
low complexity
github fedoraproject CWE-190
7.5
2022-03-02 CVE-2022-24722 Cross-site Scripting vulnerability in Github Viewcomponent
ViewComponent is a framework for building view components in Ruby on Rails.
network
github CWE-79
4.3
2022-02-18 CVE-2021-41599 Unspecified vulnerability in Github Enterprise Server
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site.
network
low complexity
github
6.5
2022-02-01 CVE-2022-21687 Improper Input Validation vulnerability in Github Gh-Ost
gh-ost is a triggerless online schema migration solution for MySQL.
network
github CWE-20
4.3
2022-01-25 CVE-2021-41598 Unspecified vulnerability in Github Enterprise Server
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval.
network
github
6.8
2021-11-10 CVE-2021-22870 Path Traversal vulnerability in Github Enterprise Server
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files.
network
low complexity
github CWE-22
4.0
2021-09-24 CVE-2021-22868 Path Traversal vulnerability in Github Enterprise Server
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site.
network
low complexity
github CWE-22
4.0
2021-09-24 CVE-2021-22869 Exposure of Resource to Wrong Sphere vulnerability in Github Enterprise Server
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to.
network
low complexity
github CWE-668
7.5
2021-08-23 CVE-2021-39371 XXE vulnerability in multiple products
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity.
network
low complexity
github osgeo debian CWE-611
5.0