cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10001,https://securityvulnerability.io/vulnerability/CVE-2024-10001,Code Injection Vulnerability in GitHub Enterprise Server,"A code injection vulnerability has been identified in GitHub Enterprise Server that permits attackers to inject malicious code through the identity property in message handling. This flaw can lead to the exfiltration of sensitive data, including authentication tokens, by manipulating the Document Object Model (DOM). To launch the attack, the victim must be logged in to GitHub and interact with a specially crafted attacker-controlled webpage containing a hidden iframe. The root cause is an incorrect validation order: the origin check is performed only after the user-controlled identity property has already been accepted. All GitHub Enterprise Server versions prior to the fixed releases are affected; users should update to a fixed version.",Github,Enterprise Server,7.1,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-29T18:24:58.816Z,0
CVE-2025-23369,https://securityvulnerability.io/vulnerability/CVE-2025-23369,Cryptographic Signature Spoofing Vulnerability in GitHub Enterprise Server,"An improper verification of cryptographic signature vulnerability was discovered in GitHub Enterprise Server that permits unauthorized internal users to spoof signatures. It affects all versions prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0, in particular instances that do not use SAML single sign-on. The report highlights the risk posed by internal threats and the importance of updating affected instances to prevent exploitation.",Github,Enterprise Server,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-21T18:46:30.711Z,0
CVE-2024-8810,https://securityvulnerability.io/vulnerability/CVE-2024-8810,Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access,"An improper privilege management vulnerability in GitHub Enterprise Server permits a GitHub App to escalate its permissions from read to write without the explicit consent of the organization administrator. Exploitation requires an account with administrator access to install a malicious App, which could compromise organizational security and data integrity. All releases before the fixed versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17 are affected.",Github,Enterprise Server,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-07T22:15:00.000Z,0
CVE-2024-10824,https://securityvulnerability.io/vulnerability/CVE-2024-10824,Internal Access to Sensitive Data via Personal Access Tokens,"An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access secret scanning alert data intended only for business owners. The issue could be exploited only by organization members holding a personal access token (PAT) and required secret scanning to be enabled on user-owned repositories. It affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2.",Github,Enterprise Server,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T21:15:11.200Z,0
CVE-2024-10007,https://securityvulnerability.io/vulnerability/CVE-2024-10007,GitHub Enterprise Server Path Collision Vulnerability,"A path collision and arbitrary code execution vulnerability in GitHub Enterprise Server allows an attacker with Enterprise Administrator access to escape container restrictions and escalate privileges to root. It affects all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. The vulnerability was reported through the GitHub Bug Bounty program.",Github,Enterprise Server,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-07T20:58:17.777Z,0
CVE-2024-9539,https://securityvulnerability.io/vulnerability/CVE-2024-9539,GitHub Enterprise Server Vulnerability: Information Disclosure through Phishing,"An information disclosure vulnerability in GitHub Enterprise Server allows an attacker to use uploaded asset URLs to retrieve user metadata. Using a malicious SVG file, the attacker can build a convincing phishing scheme; the attack relies on a victim user clicking an asset URL the attacker has uploaded. It affects all versions of GitHub Enterprise Server before 3.14 and was fixed in subsequent patch releases. The issue was reported through the GitHub Bug Bounty program.",Github,Github Enterprise Server,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-10-11T17:52:35.386Z,0
CVE-2024-9487,https://securityvulnerability.io/vulnerability/CVE-2024-9487,Unauthorized Provisioning of Users and Access via SAML SSO Authentication Vulnerability,"An improper verification of cryptographic signature vulnerability in GitHub Enterprise Server allows SAML SSO authentication to be bypassed, enabling unauthorized provisioning of users and unauthorized access to the instance. Exploitation requires the attacker to have direct network access and a signed SAML response or metadata document. The issue affects all versions prior to 3.15 and has been addressed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2.",Github,Enterprise Server,9.1,CRITICAL,0.008320000022649765,false,,false,false,false,,,true,false,,2024-10-10T22:15:00.000Z,4657
CVE-2024-8263,https://securityvulnerability.io/vulnerability/CVE-2024-8263,Nested Tag Vulnerability Affects All Versions of GitHub Enterprise Server,"An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. It was reported via the GitHub Bug Bounty program.",GitHub,Enterprise Server,2.7,LOW,0.000590000010561198,false,,false,false,false,,,false,false,,2024-09-23T21:15:00.000Z,0
CVE-2024-8770,https://securityvulnerability.io/vulnerability/CVE-2024-8770,XSS Vulnerability in GitHub Enterprise Server Requires Immediate Action,"A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server that allows attackers to steal sensitive user information via social engineering. It affected all versions of GitHub Enterprise Server and was fixed in versions 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. It was reported via the GitHub Bug Bounty program.",GitHub,Enterprise Server,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-23T21:15:00.000Z,0
CVE-2024-7711,https://securityvulnerability.io/vulnerability/CVE-2024-7711,Incorrect Authorization Vulnerability in GitHub Enterprise Server,"An Incorrect Authorization vulnerability in GitHub Enterprise Server allows attackers to modify issue titles, assignees, and labels in any public repository; the issue is limited to public repositories. It impacts GitHub Enterprise Server versions prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Version 3.10 is not affected. The issue was reported through the GitHub Bug Bounty program.",Github,Enterprise Server,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-08-20T20:15:00.000Z,0
CVE-2024-6337,https://securityvulnerability.io/vulnerability/CVE-2024-6337,Incorrect Authorization allows read access to issues in GitHub Enterprise Server,"An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was exploitable only via a user access token; installation access tokens were not affected. It affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. It was reported via the GitHub Bug Bounty program.",Github,Github Enterprise Server,6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2024-08-20T20:15:00.000Z,0
CVE-2024-6800,https://securityvulnerability.io/vulnerability/CVE-2024-6800,GitHub Enterprise Server XML Signature Wrapping Vulnerability,"CVE-2024-6800 is a critical XML signature wrapping vulnerability in GitHub Enterprise Server that allows attackers to bypass authentication when SAML single sign-on (SSO) is used with specific identity providers, resulting in unauthorized access to user accounts with site administrator privileges. It affects all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. It has not been seen exploited in the wild and no ransomware activity is known, but organizations should update to a patched version.",Github,Github Enterprise Server,9.8,CRITICAL,0.0006799999973736703,false,,true,false,false,,,false,false,,2024-08-20T20:15:00.000Z,0
CVE-2024-5795,https://securityvulnerability.io/vulnerability/CVE-2024-5795,Denial of Service Vulnerability in GitHub Enterprise Server,"A Denial of Service vulnerability in GitHub Enterprise Server allowed attackers to send a large payload that causes unbounded resource exhaustion on the server. It affected all versions prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. It was reported via the GitHub Bug Bounty program.",Github,Enterprise Server,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-07-16T22:15:00.000Z,0
CVE-2024-5566,https://securityvulnerability.io/vulnerability/CVE-2024-5566,Improper Privilege Management in GitHub Enterprise Server,"An improper privilege management vulnerability in GitHub Enterprise Server allows users to migrate private repositories without the necessary permissions, due to inadequate handling of access tokens. It affects all versions prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.",Github,Enterprise Server,6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2024-07-16T22:15:00.000Z,0
CVE-2024-5815,https://securityvulnerability.io/vulnerability/CVE-2024-5815,Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository,"A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker must be a trusted GitHub Enterprise Server user and the victim must visit a tag in the attacker's fork of their own repository. It affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. It was reported via the GitHub Bug Bounty program.",Github,Github Enterprise Server,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2024-07-16T22:15:00.000Z,0
CVE-2024-5817,https://securityvulnerability.io/vulnerability/CVE-2024-5817,Improper authorization allows read access to issue content in GitHub Enterprise Server,"An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was exploitable only in internal repositories and required the attacker to have access to the corresponding project board. It affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. It was reported via the GitHub Bug Bounty program.",Github,Github Enterprise Server,6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2024-07-16T22:15:00.000Z,0
CVE-2024-6336,https://securityvulnerability.io/vulnerability/CVE-2024-6336,Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure,"A security misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information to be disclosed to unauthorized users through the organization ruleset feature. The attack required an organization member to explicitly change the visibility of a dependent repository from private to public. It affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. It was reported via the GitHub Bug Bounty program.",Github,Github Enterprise Server,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-07-16T22:15:00.000Z,0
CVE-2024-5816,https://securityvulnerability.io/vulnerability/CVE-2024-5816,Improper authorization allows persistent access in GitHub Enterprise Server,"An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to a repository via a scoped user access token. This was exploitable only in public repositories; private repositories were not affected. It affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, and 3.13.1. It was reported via the GitHub Bug Bounty program.",Github,Github Enterprise Server,5.3,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-07-16T22:15:00.000Z,0
CVE-2024-6395,https://securityvulnerability.io/vulnerability/CVE-2024-6395,Sensitive Information Exposure in GitHub Enterprise Server,"A vulnerability in GitHub Enterprise Server allows attackers to enumerate the names of private repositories that use deploy keys, without granting access to any repository content. It affects all versions prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. It was reported through the GitHub Bug Bounty program.",Github,Enterprise Server,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-07-16T22:15:00.000Z,0
CVE-2024-5746,https://securityvulnerability.io/vulnerability/CVE-2024-5746,Server-Side Request Forgery Vulnerability in GitHub Enterprise Server,"A Server-Side Request Forgery vulnerability in GitHub Enterprise Server allows an attacker with Site Administrator privileges to execute arbitrary code on the instance. Exploitation requires an authenticated account with Site Administrator status. It affects all versions prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. It was reported through the GitHub Bug Bounty program.",Github,Github Enterprise Server,7.6,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-06-20T22:15:00.000Z,0
CVE-2024-2440,https://securityvulnerability.io/vulnerability/CVE-2024-2440,Race Condition in GitHub Enterprise Server Allows Existing Admin to Maintain Permissions on Detached Repository,"A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation that alters repository permissions while the repository is being detached. It affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8, and 3.12.1. It was reported via the GitHub Bug Bounty program.",Github,Enterprise Server,5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-19T17:15:00.000Z,0
CVE-2024-3646,https://securityvulnerability.io/vulnerability/CVE-2024-3646,Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console,"A command injection vulnerability in GitHub Enterprise Server allows an attacker with the editor role in the Management Console to obtain unauthorized admin SSH access. The flaw is triggered while configuring the chat integration and requires access to the instance's Management Console with the editor role. It was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13; earlier releases in those series are affected and should be upgraded.",Github,Enterprise Server,8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-19T15:15:00.000Z,0
CVE-2024-1908,https://securityvulnerability.io/vulnerability/CVE-2024-1908,Improper Privilege Management Vulnerability Affects GitHub Enterprise Server,"An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. The attacker requires an account on the instance with non-default GitHub Connect settings. It affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. It was reported via the GitHub Bug Bounty program.",Github,Enterprise Server,6.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-21T02:51:00.000Z,0
CVE-2024-2443,https://securityvulnerability.io/vulnerability/CVE-2024-2443,Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console,"A command injection vulnerability in GitHub Enterprise Server allows an attacker with the editor role in the Management Console to obtain unauthorized admin SSH access to the server. The flaw is triggered when configuring GeoJSON settings and requires access to the instance's Management Console with the editor role. It affects all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. It was reported through the GitHub Bug Bounty program.",Github,Github Enterprise Server,9.1,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-20T23:15:00.000Z,0
CVE-2024-2469,https://securityvulnerability.io/vulnerability/CVE-2024-2469,Remote Code Execution Vulnerability Affects GitHub Enterprise Server,"A remote code execution vulnerability in GitHub Enterprise Server allows an attacker with administrator privileges to execute arbitrary code and gain SSH root access. It affects GitHub Enterprise Server versions 3.8.0 and above and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. It was reported through the GitHub Bug Bounty program; organizations running affected versions should update.",Github,Enterprise Server,8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-20T22:56:03.451Z,0
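The records above state affected ranges and fixed releases only as free text inside the description field, so a practitioner patching a fleet still has to turn "prior to 3.14, fixed in 3.13.3, 3.12.8 ..." into a yes/no per instance. The Python below is an added example, not code from securityvulnerability.io or from GitHub: it reads records in this CSV layout and reports which CVEs a given GitHub Enterprise Server version is still exposed to. The three-record sample is constructed for the example (description text taken from the page, other columns dropped). It assumes the descriptions keep the phrasing used on this page ("prior to X.Y", "after X.Y.Z", and "fixed in" / "addressed in" followed by the patch releases); a record that does not follow that pattern is reported as unknown rather than guessed.

```python
import csv
import io
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

Series = Tuple[int, int]          # (major, minor), e.g. (3, 13)
Version = Tuple[int, int, int]    # (major, minor, patch), e.g. (3, 13, 1)

# Constructed sample in the page's CSV layout, reduced to the columns this
# example reads; the description sentences are copied from the page's records.
SAMPLE_CSV = '''cve,title,description
CVE-2024-6800,XML Signature Wrapping,"It affects all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16."
CVE-2024-9487,SAML SSO Bypass,"The issue affects all versions prior to 3.15 and has been addressed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2."
CVE-2024-10824,Internal Access via PAT,"It affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2."
'''

# Phrases that introduce the list of patched releases in these descriptions
# (an assumption about the page's wording, not a GitHub advisory format).
FIX_MARKERS = ("fixed in", "addressed in", "remediation was implemented in", "mitigated in")


class Advisory(NamedTuple):
    cve: str
    introduced: Optional[Version]   # "after X.Y.Z": versions at or below this are not affected
    prior_to: Optional[Series]      # "prior to X.Y": this series and later are not affected
    fixed: Dict[Series, int]        # series -> first patched patch level


def parse_version(text: str) -> Version:
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"expected major.minor.patch, got {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def parse_advisory(row: Dict[str, str]) -> Advisory:
    """Pull the affected range and the fixed releases out of a free-text description."""
    desc = row["description"]
    m = re.search(r"\bafter (\d+)\.(\d+)\.(\d+)", desc)
    introduced = (int(m[1]), int(m[2]), int(m[3])) if m else None
    m = re.search(r"\bprior to (\d+)\.(\d+)", desc)
    prior_to = (int(m[1]), int(m[2])) if m else None
    fixed: Dict[Series, int] = {}
    low = desc.lower()
    marks = [low.find(k) for k in FIX_MARKERS if k in low]
    if marks:
        # Only versions after the fix marker are patch levels; the "prior to 3.14"
        # boundary that precedes it must not be mistaken for a fixed release.
        for maj, mi, pa in re.findall(r"(\d+)\.(\d+)\.(\d+)", desc[min(marks):]):
            series = (int(maj), int(mi))
            fixed[series] = min(int(pa), fixed.get(series, int(pa)))
    return Advisory(row["cve"], introduced, prior_to, fixed)


def classify(adv: Advisory, version: Version) -> str:
    """One of: not_affected, patched, vulnerable, vulnerable_no_fix, unknown."""
    series = version[:2]
    if adv.introduced is not None and version <= adv.introduced:
        return "not_affected"
    if series in adv.fixed:
        return "patched" if version[2] >= adv.fixed[series] else "vulnerable"
    if adv.prior_to is not None and series >= adv.prior_to:
        return "not_affected"
    if adv.prior_to is not None and adv.fixed:
        # Inside the affected range but in a series that got no patch release
        # (typically an end-of-life branch): upgrading the series is the only fix.
        return "vulnerable_no_fix"
    return "unknown"


def unpatched_cves(csv_text: str, version_str: str) -> List[Tuple[str, str]]:
    """Return (cve, status) for every record the given GHES version is still exposed to."""
    version = parse_version(version_str)
    exposed = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        adv = parse_advisory(row)
        status = classify(adv, version)
        if status.startswith("vulnerable"):
            exposed.append((adv.cve, status))
    return exposed


if __name__ == "__main__":
    for v in ("3.13.1", "3.14.2", "3.9.17"):
        print(v, unpatched_cves(SAMPLE_CSV, v))
```

Running it against the full page export is a matter of passing the file contents instead of `SAMPLE_CSV`; the `vulnerable_no_fix` status is the one worth alerting on, since no patch release exists for that series and the instance has to move to a newer minor version.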