Vulnerabilities > Github > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-23732 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. | 8.8 |
| 2022-02-18 | CVE-2021-41599 | Unspecified vulnerability in Github Enterprise Server A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |
| 2022-01-25 | CVE-2021-41598 | Unspecified vulnerability in Github Enterprise Server A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. | 8.8 |
| 2021-05-14 | CVE-2021-22866 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Github Enterprise Server A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. | 8.8 |
| 2021-03-23 | CVE-2021-22864 | Unspecified vulnerability in Github Enterprise Server A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |
| 2021-03-03 | CVE-2021-22863 | Unspecified vulnerability in Github An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. | 8.1 |
| 2021-03-03 | CVE-2020-10519 | Unspecified vulnerability in Github A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |
| 2020-06-03 | CVE-2020-10516 | Files or Directories Accessible to External Parties vulnerability in Github An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. | 7.5 |
| 2019-03-28 | CVE-2017-18365 | Deserialization of Untrusted Data vulnerability in Github The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. | 7.5 |
| 2012-04-05 | CVE-2012-2055 | Improper Control of Dynamically-Managed Code Resources vulnerability in Github GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. | 7.5 |