| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5845 | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | GitHub | Enterprise Server | - | - | 2026-04-21 22:42:13 | Deep Dive |
| CVE-2026-3307 | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | GitHub | Enterprise Server | - | - | 2026-04-21 22:23:25 | Deep Dive |
| CVE-2026-5512 | Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:58 | Deep Dive |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:45 | Deep Dive |
| CVE-2026-4821 | Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:27 | Deep Dive |
| CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | GitHub | Enterprise Server | - | - | 2026-04-21 22:11:02 | Deep Dive |
| CVE-2026-5160 | goldmark security vulnerability | - | github.com/yuin/goldmark/renderer/html | Medium | 6.1 | 2026-04-15 05:00:02 | Deep Dive |
| CVE-2026-33816 | CVE-2026-33816 in github.com/jackc/pgx | github.com/jackc/pgx/v5 | github.com/jackc/pgx/v5/pgproto3 | - | - | 2026-04-07 15:19:25 | Deep Dive |
| CVE-2026-33815 | CVE-2026-33815 in github.com/jackc/pgx | github.com/jackc/pgx/v5 | github.com/jackc/pgx/v5/pgproto3 | - | - | 2026-04-07 15:19:24 | Deep Dive |
| CVE-2025-15617 | Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials | Wazuh | Wazuh (GitHub Actions) | Medium | 6.5 | 2026-03-27 18:04:14 | Deep Dive |
| CVE-2026-32284 | Denial of service in github.com/shamaton/msgpack | github.com/shamaton/msgpack | github.com/shamaton/msgpack | - | - | 2026-03-26 19:40:52 | Deep Dive |
| CVE-2026-32285 | Denial of service in github.com/buger/jsonparser | github.com/buger/jsonparser | github.com/buger/jsonparser | - | - | 2026-03-26 19:40:52 | Deep Dive |
| CVE-2026-32286 | Denial of service in github.com/jackc/pgproto3/v2 | github.com/jackc/pgproto3/v2 | github.com/jackc/pgproto3/v2 | - | - | 2026-03-26 19:40:52 | Deep Dive |
| CVE-2026-32287 | Infinite loop in github.com/antchfx/xpath | github.com/antchfx/xpath | github.com/antchfx/xpath | - | - | 2026-03-26 19:40:52 | Deep Dive |
| CVE-2026-3582 | Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope | GitHub | Enterprise Server | - | - | 2026-03-10 18:56:57 | Deep Dive |
| CVE-2026-2266 | Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection | GitHub | Enterprise Server | - | - | 2026-03-10 18:55:39 | Deep Dive |
| CVE-2026-3306 | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | GitHub | Enterprise Server | - | - | 2026-03-10 17:46:57 | Deep Dive |
| CVE-2026-3854 | Remote code execution via git push option injection in GitHub Enterprise Server | GitHub | Enterprise Server | - | - | 2026-03-10 17:37:35 | Deep Dive |
| CVE-2026-23654 | GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability | Microsoft | GitHub Repo: Zero Shot scFoundation | High | 8.8 | 2026-03-10 17:05:15 | Deep Dive |
| CVE-2026-29783 | GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution | github | copilot-cli | High | - | 2026-03-06 16:39:27 | Deep Dive |