Vulnerabilities > Github
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-24 | CVE-2021-22869 | Improper Authentication vulnerability in Github Enterprise Server An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. | 9.8 |
| 2021-07-14 | CVE-2021-22867 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 6.5 |
| 2021-05-25 | CVE-2021-32638 | Information Exposure vulnerability in Github Codeql Action Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. | 4.4 |
| 2021-05-14 | CVE-2021-22866 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Github Enterprise Server A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. | 8.8 |
| 2021-04-02 | CVE-2021-22865 | Unspecified vulnerability in Github Enterprise Server An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. | 6.5 |
| 2021-03-23 | CVE-2021-22864 | Unspecified vulnerability in Github Enterprise Server A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |
| 2021-03-03 | CVE-2021-22863 | Unspecified vulnerability in Github An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. | 8.1 |
| 2021-03-03 | CVE-2021-22862 | Unspecified vulnerability in Github 3.0.0 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. | 6.5 |
| 2021-03-03 | CVE-2021-22861 | Unspecified vulnerability in Github An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. | 6.5 |
| 2021-03-03 | CVE-2020-10519 | Unspecified vulnerability in Github A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |