GitHub Security Vulnerabilities (CVEs)
Track 36 security vulnerabilities affecting GitHub products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A Missing Authorization vulnerability in GitHub Enterprise Server allows authenticated attackers to upload unauthorized content to other users' reposi...
Feb 18, 2026
An authenticated attacker on GitHub Enterprise Server could exploit an insecure URL redirect in the repository_pages API to leak privileged JWT tokens...
Feb 18, 2026
This is a cross-site scripting (XSS) vulnerability in GitHub Enterprise Server's filter/search components that allows attackers with permission to cre...
Jan 6, 2026
This CVE describes a privilege escalation vulnerability in GitHub Enterprise Server where authenticated enterprise administrators could gain root SSH ...
Nov 10, 2025
This DOM-based XSS vulnerability in GitHub Enterprise Server allows attackers to execute malicious scripts when users click crafted links in Issues se...
Nov 10, 2025
An incorrect authorization vulnerability in GitHub Enterprise Server allowed contractor accounts to read internal repository contents when the Contrac...
Jul 15, 2025
A cross-site scripting vulnerability in GitHub Enterprise Server allows attackers to inject malicious scripts into math blocks using $$..$$ delimiters...
Apr 17, 2025
A code injection vulnerability in GitHub Enterprise Server allows attackers to inject malicious code via the identity property in message handling, en...
Jan 29, 2025
This vulnerability allows unauthorized internal users to spoof cryptographic signatures in GitHub Enterprise Server, potentially bypassing authenticat...
Jan 21, 2025
This vulnerability allows remote code execution on a developer's workstation when using GitHub CLI to connect to malicious codespaces. Attackers can i...
Nov 14, 2024
A GitHub App installed in organizations could escalate permissions from read to write access without administrator approval. This vulnerability affect...
Nov 7, 2024
This CVE describes a path collision vulnerability in GitHub Enterprise Server that allows container escape and arbitrary code execution with root priv...
Nov 7, 2024
This vulnerability allows attackers to bypass SAML SSO authentication in GitHub Enterprise Server by exploiting improper cryptographic signature verif...
Oct 10, 2024
A Cross-Site Scripting (XSS) vulnerability in GitHub Enterprise Server's repository transfer feature allows attackers to inject malicious scripts that...
Sep 23, 2024
An XML signature wrapping vulnerability in GitHub Enterprise Server's SAML authentication allows attackers with network access to forge SAML responses...
Aug 20, 2024
This CVE describes a Denial of Service vulnerability in GitHub Enterprise Server where an attacker can send a large payload to the Git server, causing...
Jul 16, 2024
A suspended GitHub App could retain unauthorized access to public repositories via scoped user access tokens in GitHub Enterprise Server. This incorre...
Jul 16, 2024
A security misconfiguration in GitHub Enterprise Server allowed unauthorized users to access sensitive information when an organization member changed...
Jul 16, 2024
A Server-Side Request Forgery vulnerability in GitHub Enterprise Server allows authenticated site administrators to execute arbitrary code on the serv...
Jun 20, 2024
This CVE describes an authentication bypass vulnerability in GitHub Enterprise Server when using SAML SSO with encrypted assertions. Attackers can for...
May 20, 2024
A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary ...
Apr 19, 2024
A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary ...
Mar 20, 2024
A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to gain admin SSH acc...
Feb 13, 2024
A command injection vulnerability in GitHub Enterprise Server allows authenticated users with editor role in the Management Console to execute arbitra...
Feb 13, 2024
A command injection vulnerability in GitHub Enterprise Server allows authenticated users with editor role in the Management Console to execute arbitra...
Feb 13, 2024
A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary ...
Feb 13, 2024
An unsafe reflection vulnerability in GitHub Enterprise Server allows authenticated organization owners to execute arbitrary methods, potentially lead...
Jan 16, 2024
CommonMarker versions before 0.23.4 have an integer overflow vulnerability when parsing markdown tables with more than 65,535 columns. This allows una...
Jan 4, 2024
This CVE describes an authentication bypass vulnerability in GitHub Enterprise Server's Private Mode. Attackers with network access can craft API requ...
Dec 21, 2023
CVE-2023-6746 is an information disclosure vulnerability in GitHub Enterprise Server where sensitive data is logged, potentially enabling man-in-the-m...
Dec 21, 2023
This vulnerability allows users with authorized access to the management console with an editor role in GitHub Enterprise Server to escalate their pri...
Dec 21, 2023
An improper authentication vulnerability in GitHub Enterprise Server allows unauthorized users to modify other users' secret gists by authenticating t...
Apr 7, 2023
This CVE describes a UI misrepresentation vulnerability in GitHub Enterprise Server where GitHub Apps could gain additional user-level permissions wit...
Jan 25, 2022
This CVE describes a UI misrepresentation vulnerability in GitHub Enterprise Server where users granting authorization to GitHub Apps might unknowingl...
May 14, 2021
This vulnerability allows authenticated GitHub Enterprise Server users to modify pull request maintainer permissions without authorization, potentiall...
Mar 3, 2021
CVE-2020-10519 is a remote code execution vulnerability in GitHub Enterprise Server that allows authenticated users with GitHub Pages creation permiss...
Mar 3, 2021
Why Monitor GitHub Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 36+ known vulnerabilities affecting GitHub products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable GitHub packages in under 60 seconds. No agents required: completely agentless scanning that works across GitHub deployments.
Free vulnerability database: Access detailed information about every GitHub CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.