GitHub: All CVEs

201 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-22381 | 0.00 | — | 0.01 | Mar 2, 2023 | A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need… |
| CVE-2023-22380 | 0.00 | — | 0.01 | Feb 16, 2023 | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise… |
| CVE-2023-22486 | 0.00 | — | 0.01 | Jan 24, 2023 | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service.… |
| CVE-2023-22485 | 0.00 | — | 0.01 | Jan 24, 2023 | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice,… |
| CVE-2023-22484 | 0.00 | — | 0.01 | Jan 23, 2023 | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This… |
| CVE-2023-22483 | 0.00 | — | 0.01 | Jan 23, 2023 | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service.… |
| CVE-2022-23739 | 0.00 | — | 0.01 | Jan 17, 2023 | An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most… |
| CVE-2022-46258 | 0.00 | — | 0.01 | Jan 9, 2023 | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This… |
| CVE-2022-46255 | 0.00 | — | 0.01 | Dec 14, 2022 | An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an… |
| CVE-2022-23741 | 0.00 | — | 0.01 | Dec 14, 2022 | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability… |
| CVE-2022-46256 | 0.00 | — | 0.02 | Dec 14, 2022 | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This… |
| CVE-2022-23737 | 0.00 | — | 0.01 | Dec 1, 2022 | An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write… |
| CVE-2022-23740 | 0.00 | — | 0.01 | Nov 23, 2022 | CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub… |
| CVE-2022-23738 | 0.00 | — | 0.01 | Nov 1, 2022 | An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server… |
| CVE-2022-23734 | 0.00 | — | 0.02 | Oct 19, 2022 | A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that… |
| CVE-2022-39209 | 0.00 | — | 0.02 | Sep 15, 2022 | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service.… |
| CVE-2022-23733 | 0.00 | — | 0.00 | Aug 2, 2022 | A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and… |
| CVE-2022-31587 | 0.00 | — | 0.01 | Jul 11, 2022 | The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31553 | 0.00 | — | 0.01 | Jul 11, 2022 | The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31026 | 0.00 | — | 0.01 | Jun 6, 2022 | Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should… |
| CVE-2022-23732 | 0.00 | — | 0.02 | Apr 5, 2022 | A path traversal vulnerability was identified in the GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively… |
| CVE-2022-24724 | 0.00 | — | 0.04 | Mar 3, 2022 | cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose… |
| CVE-2021-41599 | 0.00 | — | 0.02 | Feb 17, 2022 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server… |
| CVE-2021-41598 | 0.00 | — | 0.01 | Jan 25, 2022 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to… |
| CVE-2021-22870 | 0.00 | — | 0.01 | Nov 10, 2021 | A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise… |
| CVE-2021-22868 | 0.00 | — | 0.01 | Sep 24, 2021 | A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub… |
| CVE-2021-22869 | 0.00 | — | 0.01 | Sep 24, 2021 | An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one… |
| CVE-2021-37700 | 0.00 | — | 0.02 | Aug 12, 2021 | @github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string ``, a **div** is dynamically created, and the clipboard… |
| CVE-2021-22867 | 0.00 | — | 0.01 | Jul 14, 2021 | A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub… |
| CVE-2021-32638 | 0.00 | — | 0.00 | May 25, 2021 | GitHub's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to… |
| CVE-2021-22866 | 0.00 | — | 0.01 | May 14, 2021 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to… |
| CVE-2021-22865 | 0.00 | — | 0.01 | Apr 2, 2021 | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To… |
| CVE-2021-22864 | 0.00 | — | 0.02 | Mar 23, 2021 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment… |
| CVE-2021-28789 | 0.00 | — | 0.02 | Mar 18, 2021 | The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace. |
| CVE-2021-22863 | 0.00 | — | 0.01 | Mar 3, 2021 | An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this… |
| CVE-2021-22862 | 0.00 | — | 0.01 | Mar 3, 2021 | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed… |
| CVE-2020-10519 | 0.00 | — | 0.03 | Mar 3, 2021 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to… |
| CVE-2021-22861 | 0.00 | — | 0.01 | Mar 3, 2021 | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able… |
| CVE-2020-10517 | 0.00 | — | 0.01 | Aug 27, 2020 | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any… |
| CVE-2020-10518 | 0.00 | — | 0.04 | Aug 27, 2020 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to… |
| CVE-2020-5238 | 0.00 | — | 0.02 | Jul 1, 2020 | The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the… |
| CVE-2020-10516 | 0.00 | — | 0.02 | Jun 3, 2020 | An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub… |
| CVE-2019-16765 | 0.00 | — | 0.05 | Nov 25, 2019 | If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users… |
| CVE-2018-17168 | 0.00 | — | 0.01 | Apr 18, 2019 | PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc). |
| CVE-2018-17167 | 0.00 | — | 0.01 | Mar 20, 2019 | PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access… |
| CVE-2018-19936 | 0.00 | — | 0.01 | Dec 17, 2018 | PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. |
| CVE-2018-19754 | 0.00 | — | 0.03 | Dec 5, 2018 | Tarantella Enterprise before 3.11 allows bypassing Access Control. |
| CVE-2018-18735 | 0.00 | — | 0.01 | Oct 28, 2018 | A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. |
| CVE-2014-0177 | 0.00 | — | 0.00 | May 27, 2014 | The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. |
| CVE-2012-5814 | 0.00 | — | 0.01 | Nov 4, 2012 | Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an… |
Page 4 of 5