Vulnerabilities > Github > Enterprise Server > 3.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-02 | CVE-2023-22381 | Code Injection vulnerability in Github Enterprise Server A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. | 8.8 |
| 2023-01-17 | CVE-2022-23739 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. | 9.8 |
| 2023-01-09 | CVE-2022-46258 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. | 6.5 |
| 2022-12-14 | CVE-2022-23741 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. | 7.2 |
| 2022-12-14 | CVE-2022-46256 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. | 8.8 |
| 2022-12-01 | CVE-2022-23737 | Improper Privilege Management vulnerability in Github Enterprise Server An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. | 6.5 |
| 2022-10-19 | CVE-2022-23734 | Deserialization of Untrusted Data vulnerability in Github Enterprise Server A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. | 8.8 |
| 2022-04-05 | CVE-2022-23732 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. | 8.8 |
| 2022-02-18 | CVE-2021-41599 | Unspecified vulnerability in Github Enterprise Server A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |
| 2022-01-25 | CVE-2021-41598 | Unspecified vulnerability in Github Enterprise Server A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. | 8.8 |