Home/Product/github enterprise server
Product

github enterprise server

145 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-48501
< 2.93.0
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in
7.4HIGH
 CVE-2026-9312
>= 3.16.0 and < 3.16.19
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated atta
8.2HIGH
 CVE-2026-8606
< 3.16.19
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause th
5.9MEDIUM
 CVE-2026-45803
>= 1.6.0 and < 2.92.0
gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub
3.5LOW
 CVE-2026-8106
>= 3.19.1 and < 3.19.6
A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could a
6.1MEDIUM
 CVE-2026-8034
< 3.16.18
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an
9.8CRITICAL
 CVE-2026-7541
< 3.16.18
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause ser
7.5HIGH
 CVE-2026-6736
< 3.16.18
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to crea
6.5MEDIUM
 CVE-2026-42523
< 1.46.0.1
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of
9.0CRITICAL
 CVE-2026-5921
< 3.14.26
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract
8.9HIGH
 CVE-2026-5845
< 3.14.26
An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an
9.6CRITICAL
 CVE-2026-5512
< 3.14.26
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to deter
4.3MEDIUM
 CVE-2026-4821
< 3.14.26
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error.
 CVE-2026-4296
< 3.14.26
An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth
8.8HIGH
 CVE-2026-3307
< 3.14.26
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one
2.7LOW
 CVE-2026-3582
< 3.16.15
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a clas
4.3MEDIUM
 CVE-2026-2266
< 3.18.6
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scr
5.4MEDIUM
 CVE-2026-3854
< 3.14.24
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker w
8.8HIGH
 CVE-2026-3306
< 3.14.24
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repos
4.3MEDIUM
 CVE-2026-1999
< 3.17.11
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pu
6.5MEDIUM
 CVE-2026-1355
< 3.14.23
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized c
6.5MEDIUM
 CVE-2026-0573
< 3.14.22
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sen
9.0CRITICAL
 CVE-2025-13744
>= 3.14.0 and < 3.14.20
An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allow
5.4MEDIUM
 CVE-2025-14046
< 3.14.21
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to in
6.1MEDIUM
 CVE-2025-11892
< 3.14.19
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scri
9.6CRITICAL
 CVE-2025-11578
>= 3.14.0 and < 3.14.20
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to
7.2HIGH
 CVE-2025-8447
< 3.14.17
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any reposito
3.1LOW
 CVE-2025-6981
< 3.14.5
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor
4.3MEDIUM
 CVE-2025-6600
>= 3.17.0 and < 3.17.2
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disc
4.3MEDIUM
 CVE-2025-3509
< 3.13.16
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary
7.2HIGH
 CVE-2025-3246
all versions
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in
7.6HIGH
 CVE-2025-3124
< 3.13.14
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private r
4.3MEDIUM
 CVE-2024-10001
< 3.11.6
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the
7.1HIGH
 CVE-2025-23369
< 3.12.14
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signatur
8.8HIGH
 CVE-2024-52308
< 2.62.0
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when usi
8.0HIGH
 CVE-2024-8810
>= 3.10.0 and < 3.10.17
A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organiza
6.5MEDIUM
 CVE-2024-10824
>= 3.13.0 and < 3.13.2
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to acces
6.5MEDIUM
 CVE-2024-10007
< 3.11.17
A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container esca
9.1CRITICAL
 CVE-2024-9539
< 3.11.16
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the at
4.3MEDIUM
 CVE-2024-9487
< 3.11.16
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO
9.1CRITICAL
 CVE-2024-8770
>= 3.10.0 and < 3.10.17
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which al
6.1MEDIUM
 CVE-2024-8263
>= 3.10.0 and < 3.10.17
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through
2.7LOW
 CVE-2024-42471
>= 2.0.0 and < 2.1.7
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1
7.3HIGH
 CVE-2024-7711
>= 3.11.0 and < 3.11.14
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, ass
4.3MEDIUM
 CVE-2024-6800
>= 3.10.0 and < 3.10.16
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specifi
9.8CRITICAL
 CVE-2024-6337
>= 3.10.0 and < 3.10.16
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: r
6.5MEDIUM
 CVE-2024-6395
>= 3.9.0 and < 3.9.17
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of p
5.3MEDIUM
 CVE-2024-6336
>= 3.9.0 and < 3.9.17
A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized use
5.3MEDIUM
 CVE-2024-5817
>= 3.9.0 and < 3.9.17
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via
6.5MEDIUM
 CVE-2024-5816
>= 3.9.0 and < 3.9.17
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain
5.3MEDIUM
 CVE-2024-5815
>= 3.9.0 and < 3.9.17
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by ex
6.5MEDIUM
 CVE-2024-5795
>= 3.9.0 and < 3.9.17
A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource
7.7HIGH
 CVE-2024-5566
>= 3.9.0 and < 3.9.17
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes def
5.8MEDIUM
 CVE-2024-5746
< 3.9.16
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Admi
7.6HIGH
 CVE-2024-4985
< 3.9.15
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authe
9.8CRITICAL
 CVE-2024-2440
< 3.9.13
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making
5.5MEDIUM
 CVE-2024-3684
< 3.9.13
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor rol
8.0HIGH
 CVE-2024-3646
< 3.9.13
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
8.0HIGH
 CVE-2024-3470
>= 3.11.0 and < 3.11.8
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy
5.9MEDIUM
 CVE-2024-1908
< 3.8.16
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Ent
6.3MEDIUM
 CVE-2024-2748
all versions
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthor
4.3MEDIUM
 CVE-2024-2469
< 3.8.17
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vul
8.0HIGH
 CVE-2024-2443
< 3.8.17
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
9.1CRITICAL
 CVE-2024-1482
>= 3.8.0 and < 3.9.10
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branche
7.1HIGH
 CVE-2024-1378
< 3.8.15
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
9.1CRITICAL
 CVE-2024-1374
< 3.8.15
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
9.1CRITICAL
 CVE-2024-1372
< 3.8.15
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
9.1CRITICAL
 CVE-2024-1369
< 3.8.15
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
9.1CRITICAL
 CVE-2024-1359
< 3.8.15
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
9.1CRITICAL
 CVE-2024-1355
< 3.8.15
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
9.1CRITICAL
 CVE-2024-1354
< 3.8.15
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M
8.0HIGH
 CVE-2024-1084
< 3.8.15
Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious websi
6.5MEDIUM
 CVE-2024-1082
< 3.8.15
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read perm
6.3MEDIUM
 CVE-2024-0507
< 3.8.13
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command inje
6.5MEDIUM
 CVE-2024-0200
>= 3.8.0 and < 3.8.13
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulner
7.2HIGH
 CVE-2024-22051
< 0.28.3.gfm.21
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly
9.8CRITICAL
 CVE-2023-6847
>= 3.9.0 and < 3.9.7
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using
7.5HIGH
 CVE-2023-6804
>= 3.8.0 and < 3.8.12
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this,
6.5MEDIUM
 CVE-2023-6803
>= 3.8.0 and < 3.8.12
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. T
5.8MEDIUM
 CVE-2023-6802
>= 3.8.0 and < 3.8.12
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could al
7.2HIGH
 CVE-2023-6746
>= 3.7.0 and < 3.7.19
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server b
8.1HIGH
 CVE-2023-6690
>= 3.8.0 and < 3.8.12
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by maki
3.9LOW
 CVE-2023-51380
>= 3.7.0 and < 3.7.19
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an
2.7LOW
 CVE-2023-51379
>= 3.7.0 and < 3.7.19
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with
4.9MEDIUM
 CVE-2023-46649
>= 3.7.0 and < 3.7.19
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an
6.3MEDIUM
 CVE-2023-46648
>= 3.8.0 and < 3.8.12
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a
8.3HIGH
 CVE-2023-46647
>= 3.8.0 and < 3.8.12
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management co
8.0HIGH
 CVE-2023-46646
>= 3.7.0 and < 3.7.19
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via
5.3MEDIUM
 CVE-2023-46645
>= 3.7.0 and < 3.7.19
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitH
6.8MEDIUM
 CVE-2023-46650
<= 1.37.3
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting
5.4MEDIUM
 CVE-2023-23766
< 3.6.17
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an in
4.5MEDIUM
 CVE-2023-23763
>= 3.6.0 and < 3.6.18
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to
5.3MEDIUM
 CVE-2023-23765
>= 3.6.0 and < 3.6.16
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an in
4.8MEDIUM
 CVE-2023-23764
>= 3.7.0 and < 3.7.9
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an in
4.8MEDIUM
 CVE-2023-37463
< 0.29.0.gfm.12
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a
6.4MEDIUM
 CVE-2023-23762
< 3.4.18
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an in
6.5MEDIUM
 CVE-2023-23761
< 3.4.18
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify o
7.7HIGH
 CVE-2023-26485
< 0.29.0.gfm.10
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity iss
5.3MEDIUM
 CVE-2023-24824
< 0.29.0.gfm.10.
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity iss
5.3MEDIUM
 CVE-2023-23760
< 3.4.17
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHu
4.9MEDIUM
 CVE-2022-46257
>= 3.3.0 and < 3.3.17
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added t
4.3MEDIUM
 CVE-2023-22381
< 3.4.15
A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables fro
4.1MEDIUM
 CVE-2023-22380
>= 3.7.0 and < 3.7.6
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitH
6.5MEDIUM
 CVE-2023-22486
< 0.29.0.gfm.7
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 c
3.5LOW
 CVE-2023-22485
< 0.29.0.gfm.7
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7,
5.3MEDIUM
 CVE-2023-22484
< 0.29.0.gfm.7
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 a
3.5LOW
 CVE-2023-22483
< 0.29.0.gfm.7
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 a
3.5LOW
 CVE-2022-23739
< 3.3.16
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in Grap
9.8CRITICAL
 CVE-2022-46258
< 3.3.16
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with re
6.5MEDIUM
 CVE-2015-10031
< 2015-03-11
A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file
5.5MEDIUM
 CVE-2022-23741
< 3.3.17
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to
7.2HIGH
 CVE-2022-46256
< 3.3.17
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHu
8.8HIGH
 CVE-2022-46255
all versions
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabl
9.8CRITICAL
 CVE-2022-23737
< 3.2.20
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privile
6.5MEDIUM
 CVE-2022-23740
all versions
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server
8.8HIGH
 CVE-2022-23738
>= 3.2.0 and < 3.2.20
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access privat
5.7MEDIUM
 CVE-2022-23734
< 3.2.16
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote
8.8HIGH
 CVE-2022-39209
< 0.29.0.gfm.6
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.
7.5HIGH
 CVE-2022-23733
>= 3.3.0 and < 3.3.11
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This inj
5.4MEDIUM
 CVE-2022-36885
<= 1.34.4
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and compu
5.3MEDIUM
 CVE-2022-23732
< 3.1.19
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF prote
8.8HIGH
 CVE-2022-24724
< 0.28.3.gfm.21
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.
8.8HIGH
 CVE-2021-41599
>= 3.0.0 and < 3.0.21
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pa
8.8HIGH
 CVE-2021-41598
< 3.0.21
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during
8.8HIGH
 CVE-2021-22870
< 3.0.19
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to r
6.5MEDIUM
 CVE-2021-22869
>= 3.0.0 and < 3.0.16
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner gro
9.8CRITICAL
 CVE-2021-22868
< 2.22.22
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages sit
4.3MEDIUM
 CVE-2021-22867
< 2.22.17
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages sit
6.5MEDIUM
 CVE-2021-22866
>= 2.20.0 and < 2.22.13
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during
8.8HIGH
 CVE-2021-22865
< 2.21.18
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a Gi
6.5MEDIUM
 CVE-2021-22864
>= 2.21.0 and < 2.21.17
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pa
8.8HIGH
 CVE-2021-22863
>= 3.0.0 and < 3.0.1
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated use
8.1HIGH
 CVE-2021-22862
all versions
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ab
6.5MEDIUM
 CVE-2021-22861
>= 3.0.0 and < 3.0.1
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instan
6.5MEDIUM
 CVE-2020-10519
< 2.20.24
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pa
8.8HIGH
 CVE-2020-10518
< 2.19.21
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pa
8.8HIGH
 CVE-2020-10517
< 2.19.21
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instan
4.3MEDIUM
 CVE-2020-10516
>= 2.18.0 and < 2.18.20
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to
9.8CRITICAL
 CVE-2017-18365
>= 2.8.0 and < 2.8.7
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote atta
9.8CRITICAL
 CVE-2018-1000600
<= 1.29.1
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCrea
8.8HIGH
 CVE-2018-1000184
<= 1.29.0
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allow
5.4MEDIUM
 CVE-2018-1000183
<= 1.29.0
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that
6.5MEDIUM
 CVE-2016-7794
<= 0.10.2
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.
9.8CRITICAL
 CVE-2016-7793
<= 0.10.2
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.
8.8HIGH
 CVE-2012-2055
< 20120304
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which a
7.5HIGH
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh