Vulnerabilities > Github > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2023-23766 Incorrect Comparison vulnerability in Github Enterprise Server
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request.
network
low complexity
github CWE-697
6.5
2023-09-01 CVE-2023-23763 Missing Authorization vulnerability in Github Enterprise Server
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private.
network
low complexity
github CWE-862
5.3
2023-08-30 CVE-2023-23765 Incorrect Comparison vulnerability in Github Enterprise Server
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request.
network
low complexity
github CWE-697
6.5
2023-03-07 CVE-2022-46257 Exposure of Resource to Wrong Sphere vulnerability in Github Enterprise Server
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI.
network
low complexity
github CWE-668
4.3
2023-02-16 CVE-2023-22380 Path Traversal vulnerability in Github Enterprise Server
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site.
network
low complexity
github CWE-22
6.5
2023-01-24 CVE-2023-22485 XML Injection (aka Blind XPath Injection) vulnerability in Github Cmark-Gfm
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.
network
low complexity
github CWE-91
5.3
2023-01-09 CVE-2022-46258 Incorrect Authorization vulnerability in Github Enterprise Server
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope.
network
low complexity
github CWE-863
6.5
2022-12-01 CVE-2022-23737 Improper Privilege Management vulnerability in Github Enterprise Server
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API.
network
low complexity
github CWE-269
6.5
2022-11-01 CVE-2022-23738 Files or Directories Accessible to External Parties vulnerability in Github Enterprise Server
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository.
network
low complexity
github CWE-552
5.7
2022-09-15 CVE-2022-39209 Algorithmic Complexity vulnerability in multiple products
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.
network
low complexity
github fedoraproject CWE-407
6.5