Vulnerabilities > Github > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-01-04 | CVE-2024-22051 | Integer Overflow or Wraparound vulnerability in multiple products | CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. | network | low | github, gjtorikian | CWE-190 | critical | 9.8 |
| 2023-01-17 | CVE-2022-23739 | Incorrect Authorization vulnerability in Github Enterprise Server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. | network | low | github | CWE-863 | critical | 9.8 |
| 2023-01-08 | CVE-2015-10031 | SQL Injection vulnerability in Github 491-Project | A vulnerability classified as critical was found in purpleparrots 491-Project. | network | low | github | CWE-89 | critical | 9.8 |
| 2022-12-14 | CVE-2022-46255 | Path Traversal vulnerability in Github Enterprise Server 3.7.0 | An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. | network | low | github | CWE-22 | critical | 9.8 |
| 2022-10-25 | CVE-2022-39321 | OS Command Injection vulnerability in Github Runner | GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. | network | low | github | CWE-78 | critical | 9.9 |
| 2022-03-03 | CVE-2022-24724 | Integer Overflow or Wraparound vulnerability in multiple products | cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. | network | low | github, fedoraproject | CWE-190 | critical | 9.8 |
| 2021-09-24 | CVE-2021-22869 | Improper Authentication vulnerability in Github Enterprise Server | An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. | network | low | github | CWE-287 | critical | 9.8 |
| 2020-06-03 | CVE-2020-10516 | Files or Directories Accessible to External Parties vulnerability in Github | An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. | network | low | github | CWE-552 | critical | 9.8 |
| 2019-03-28 | CVE-2017-18365 | Deserialization of Untrusted Data vulnerability in Github | The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. | network | low | github | CWE-502 | critical | 9.8 |