VYPR

Vendor CVEs

GitHub

All CVEs

201 total · sorted by risk
  • CVE-2023-22381Mar 2, 2023
    risk 0.00cvss epss 0.01

    A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need…

  • CVE-2023-22380Feb 16, 2023
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise…

  • CVE-2023-22486Jan 24, 2023
    risk 0.00cvss epss 0.01

    cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service.…

  • CVE-2023-22485Jan 24, 2023
    risk 0.00cvss epss 0.01

    cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice,…

  • CVE-2023-22484Jan 23, 2023
    risk 0.00cvss epss 0.01

    cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This…

  • CVE-2023-22483Jan 23, 2023
    risk 0.00cvss epss 0.01

    cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service.…

  • CVE-2022-23739Jan 17, 2023
    risk 0.00cvss epss 0.01

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most…

  • CVE-2022-46258Jan 9, 2023
    risk 0.00cvss epss 0.01

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This…

  • CVE-2022-46255Dec 14, 2022
    risk 0.00cvss epss 0.01

    An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an…

  • CVE-2022-23741Dec 14, 2022
    risk 0.00cvss epss 0.01

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability…

  • CVE-2022-46256Dec 14, 2022
    risk 0.00cvss epss 0.02

    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This…

  • CVE-2022-23737Dec 1, 2022
    risk 0.00cvss epss 0.01

    An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write…

  • CVE-2022-23740Nov 23, 2022
    risk 0.00cvss epss 0.01

    CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub…

  • CVE-2022-23738Nov 1, 2022
    risk 0.00cvss epss 0.01

    An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server…

  • CVE-2022-23734Oct 19, 2022
    risk 0.00cvss epss 0.02

    A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that…

  • CVE-2022-39209Sep 15, 2022
    risk 0.00cvss epss 0.02

    cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service.…

  • CVE-2022-23733Aug 2, 2022
    risk 0.00cvss epss 0.00

    A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and…

  • CVE-2022-31587Jul 11, 2022
    risk 0.00cvss epss 0.01

    The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

  • CVE-2022-31553Jul 11, 2022
    risk 0.00cvss epss 0.01

    The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

  • CVE-2022-31026Jun 6, 2022
    risk 0.00cvss epss 0.01

    Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should…

  • CVE-2022-23732Apr 5, 2022
    risk 0.00cvss epss 0.02

    A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively…

  • CVE-2022-24724Mar 3, 2022
    risk 0.00cvss epss 0.04

    cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's…

  • CVE-2021-41599Feb 17, 2022
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server…

  • CVE-2021-41598Jan 25, 2022
    risk 0.00cvss epss 0.01

    A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to…

  • CVE-2021-22870Nov 10, 2021
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise…

  • CVE-2021-22868Sep 24, 2021
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub…

  • CVE-2021-22869Sep 24, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one…

  • CVE-2021-37700Aug 12, 2021
    risk 0.00cvss epss 0.02

    @github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string ``, a **div** is dynamically created, and the clipboard…

  • CVE-2021-22867Jul 14, 2021
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub…

  • CVE-2021-32638May 25, 2021
    risk 0.00cvss epss 0.00

    Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to…

  • CVE-2021-22866May 14, 2021
    risk 0.00cvss epss 0.01

    A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to…

  • CVE-2021-22865Apr 2, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To…

  • CVE-2021-22864Mar 23, 2021
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment…

  • CVE-2021-28789Mar 18, 2021
    risk 0.00cvss epss 0.02

    The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.

  • CVE-2021-22863Mar 3, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this…

  • CVE-2021-22862Mar 3, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed…

  • CVE-2020-10519Mar 3, 2021
    risk 0.00cvss epss 0.03

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to…

  • CVE-2021-22861Mar 3, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able…

  • CVE-2020-10517Aug 27, 2020
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any…

  • CVE-2020-10518Aug 27, 2020
    risk 0.00cvss epss 0.04

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to…

  • CVE-2020-5238Jul 1, 2020
    risk 0.00cvss epss 0.02

    The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the…

  • CVE-2020-10516Jun 3, 2020
    risk 0.00cvss epss 0.02

    An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub…

  • CVE-2019-16765Nov 25, 2019
    risk 0.00cvss epss 0.05

    If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users…

  • CVE-2018-17168Apr 18, 2019
    risk 0.00cvss epss 0.01

    PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).

  • CVE-2018-17167Mar 20, 2019
    risk 0.00cvss epss 0.01

    PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access…

  • CVE-2018-19936Dec 17, 2018
    risk 0.00cvss epss 0.01

    PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.

  • CVE-2018-19754Dec 5, 2018
    risk 0.00cvss epss 0.03

    Tarantella Enterprise before 3.11 allows bypassing Access Control.

  • CVE-2018-18735Oct 28, 2018
    risk 0.00cvss epss 0.01

    A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.

  • CVE-2014-0177May 27, 2014
    risk 0.00cvss epss 0.00

    The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.

  • CVE-2012-5814Nov 4, 2012
    risk 0.00cvss epss 0.01

    Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an…

Page 4 of 5