Vulnerabilities > Github > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-15 | CVE-2022-39209 | Algorithmic Complexity vulnerability in multiple products cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. | 6.5 |
| 2022-08-02 | CVE-2022-23733 | Cross-site Scripting vulnerability in Github Enterprise Server A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. | 5.4 |
| 2022-03-02 | CVE-2022-24722 | Cross-site Scripting vulnerability in Github Viewcomponent VIewComponent is a framework for building view components in Ruby on Rails. | 4.3 |
| 2022-02-01 | CVE-2022-21687 | Improper Input Validation vulnerability in Github Gh-Ost gh-ost is a triggerless online schema migration solution for MySQL. | 4.3 |
| 2021-11-10 | CVE-2021-22870 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. | 6.5 |
| 2021-09-24 | CVE-2021-22868 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 4.3 |
| 2021-07-14 | CVE-2021-22867 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 6.5 |
| 2021-04-02 | CVE-2021-22865 | Unspecified vulnerability in Github Enterprise Server An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. | 6.5 |
| 2021-03-03 | CVE-2021-22862 | Unspecified vulnerability in Github 3.0.0 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. | 6.5 |
| 2021-03-03 | CVE-2021-22861 | Unspecified vulnerability in Github An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. | 6.5 |