Vulnerabilities > Github > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-25 | CVE-2021-32638 | Information Exposure vulnerability in Github Codeql Action Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. | 4.4 |
| 2021-04-02 | CVE-2021-22865 | Unspecified vulnerability in Github Enterprise Server An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. | 6.5 |
| 2021-03-03 | CVE-2021-22862 | Unspecified vulnerability in Github 3.0.0 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. | 6.5 |
| 2021-03-03 | CVE-2021-22861 | Unspecified vulnerability in Github An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. | 6.5 |
| 2020-08-27 | CVE-2020-10517 | Unspecified vulnerability in Github An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. | 4.3 |