Vulnerabilities > Github > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-02 | CVE-2024-42471 | Path Traversal vulnerability in Github Actions/Artifact and Actions Toolkit actions/artifact is the GitHub ToolKit for developing GitHub Actions. | 7.5 |
| 2024-02-13 | CVE-2024-1354 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. | 8.0 |
| 2024-01-16 | CVE-2024-0507 | Command Injection vulnerability in Github Enterprise Server An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. | 8.8 |
| 2023-12-21 | CVE-2023-46647 | Improper Privilege Management vulnerability in Github Enterprise Server Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. | 8.8 |
| 2023-12-21 | CVE-2023-46648 | Insufficient Entropy vulnerability in Github Enterprise Server An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. | 7.5 |
| 2023-12-21 | CVE-2023-46649 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Github Enterprise Server A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. | 7.0 |
| 2023-12-21 | CVE-2023-6847 | Improper Authentication vulnerability in Github Enterprise Server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. | 7.5 |
| 2023-07-27 | CVE-2023-23764 | Incorrect Comparison vulnerability in Github Enterprise Server An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. | 7.1 |
| 2023-07-13 | CVE-2023-37463 | Unspecified vulnerability in Github Cmark-Gfm cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. | 7.5 |
| 2023-07-11 | CVE-2023-36867 | Unspecified vulnerability in Github Pull Requests and Issues Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | 7.8 |