Vulnerabilities > Github > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-02 CVE-2024-42471 Path Traversal vulnerability in Github Actions/Artifact and Actions Toolkit
actions/artifact is the GitHub ToolKit for developing GitHub Actions.
network
low complexity
github CWE-22
7.5
2024-02-13 CVE-2024-1354 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file.
network
high complexity
github CWE-77
8.0
2024-01-16 CVE-2024-0507 Command Injection vulnerability in Github Enterprise Server
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console.
network
low complexity
github CWE-77
8.8
2023-12-21 CVE-2023-46647 Improper Privilege Management vulnerability in Github Enterprise Server
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
network
low complexity
github CWE-269
8.8
2023-12-21 CVE-2023-46648 Insufficient Entropy vulnerability in Github Enterprise Server
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console.
network
high complexity
github CWE-331
7.5
2023-12-21 CVE-2023-46649 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Github Enterprise Server
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access.
local
high complexity
github CWE-367
7.0
2023-12-21 CVE-2023-6847 Improper Authentication vulnerability in Github Enterprise Server
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request.
network
low complexity
github CWE-287
7.5
2023-07-27 CVE-2023-23764 Incorrect Comparison vulnerability in Github Enterprise Server
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI.
network
low complexity
github CWE-697
7.1
2023-07-13 CVE-2023-37463 Unspecified vulnerability in Github Cmark-Gfm
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec.
network
low complexity
github
7.5
2023-03-31 CVE-2023-24824 Unspecified vulnerability in Github Cmark-Gfm
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.
network
low complexity
github
7.5