Vulnerabilities > Github > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-01 | CVE-2022-21687 | Improper Input Validation vulnerability in Github Gh-Ost gh-ost is a triggerless online schema migration solution for MySQL. | 4.3 |
| 2021-11-10 | CVE-2021-22870 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. | 6.5 |
| 2021-09-24 | CVE-2021-22868 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 4.3 |
| 2021-07-14 | CVE-2021-22867 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 6.5 |
| 2021-04-02 | CVE-2021-22865 | Unspecified vulnerability in Github Enterprise Server An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. | 6.5 |
| 2021-03-03 | CVE-2021-22862 | Unspecified vulnerability in Github 3.0.0 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. | 6.5 |
| 2021-03-03 | CVE-2021-22861 | Unspecified vulnerability in Github An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. | 6.5 |
| 2020-08-27 | CVE-2020-10518 | Unspecified vulnerability in Github A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 6.5 |
| 2020-08-27 | CVE-2020-10517 | Unspecified vulnerability in Github An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. | 4.0 |
| 2012-11-04 | CVE-2012-5814 | Improper Input Validation vulnerability in multiple products Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |