Vulnerabilities > Github > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-04 | CVE-2024-22051 | Integer Overflow or Wraparound vulnerability in multiple products. CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. | 9.8 |
2023-01-17 | CVE-2022-23739 | Incorrect Authorization vulnerability in GitHub Enterprise Server. An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. | 9.8 |
2023-01-08 | CVE-2015-10031 | SQL Injection vulnerability in GitHub 491-Project. A vulnerability classified as critical was found in purpleparrots 491-Project. | 9.8 |
2022-12-14 | CVE-2022-46255 | Path Traversal vulnerability in GitHub Enterprise Server 3.7.0. An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. | 9.8 |
2022-10-25 | CVE-2022-39321 | OS Command Injection vulnerability in GitHub Runner. GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. | 9.9 |
2022-03-03 | CVE-2022-24724 | Integer Overflow or Wraparound vulnerability in multiple products. cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. | 9.8 |
2021-09-24 | CVE-2021-22869 | Improper Authentication vulnerability in GitHub Enterprise Server. An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. | 9.8 |
2020-06-03 | CVE-2020-10516 | Files or Directories Accessible to External Parties vulnerability in GitHub. An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. | 9.8 |
2019-03-28 | CVE-2017-18365 | Deserialization of Untrusted Data vulnerability in GitHub. The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. | 9.8 |