Vulnerabilities > Github
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-14 | CVE-2021-22866 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Github Enterprise Server A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. | 8.8 |
| 2021-04-02 | CVE-2021-22865 | Unspecified vulnerability in Github Enterprise Server An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. | 6.5 |
| 2021-03-23 | CVE-2021-22864 | Unspecified vulnerability in Github Enterprise Server A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |
| 2021-03-03 | CVE-2021-22863 | Unspecified vulnerability in Github An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. | 8.1 |
| 2021-03-03 | CVE-2021-22862 | Unspecified vulnerability in Github 3.0.0 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. | 6.5 |
| 2021-03-03 | CVE-2021-22861 | Unspecified vulnerability in Github An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. | 6.5 |
| 2021-03-03 | CVE-2020-10519 | Unspecified vulnerability in Github A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |
| 2020-08-27 | CVE-2020-10518 | Unspecified vulnerability in Github A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 6.5 |
| 2020-08-27 | CVE-2020-10517 | Unspecified vulnerability in Github An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. | 4.0 |
| 2020-06-03 | CVE-2020-10516 | Files or Directories Accessible to External Parties vulnerability in Github An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. | 7.5 |