| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-13744 | Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML | GitHub | Enterprise Server | Medium | - | 2026-01-06 20:44:03 | Deep Dive |
| CVE-2025-68120 | Unexpected untrusted code execution in github.com/golang/vscode-go | github.com/golang/vscode-go | github.com/golang/vscode-go | Critical | - | 2025-12-29 23:46:52 | Deep Dive |
| CVE-2025-14046 | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests | GitHub | Enterprise Server | - | - | 2025-12-11 17:52:05 | Deep Dive |
| CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | Microsoft | GitHub Copilot Plugin for JetBrains IDEs | High | 8.4 | 2025-12-09 17:56:06 | Deep Dive |
| CVE-2025-66216 | AIS-catcher has a Buffer Overflow vulnerability in `AIS::Message` leading to DoS/RCE | jvde-github | AIS-catcher | Medium | - | 2025-11-29 01:57:55 | Deep Dive |
| CVE-2025-66217 | AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow | jvde-github | AIS-catcher | Medium | - | 2025-11-29 01:57:53 | Deep Dive |
| CVE-2025-12667 | GitHub Gist Shortcode Plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | paul1999 | GitHub Gist Shortcode Plugin | Medium | 6.4 | 2025-11-11 03:30:54 | Deep Dive |
| CVE-2025-11578 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | GitHub | Enterprise Server | Medium | - | 2025-11-10 22:44:33 | Deep Dive |
| CVE-2025-11892 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers | GitHub | Enterprise Server | High | - | 2025-11-10 22:43:42 | Deep Dive |
| CVE-2025-62794 | GitHub Workflow Updater stored the optional Github token in plaintext | RichardoC | github-workflow-updater-extension | Low | 3.8 | 2025-10-28 20:53:14 | Deep Dive |
| CVE-2025-10954 | phonenumber security vulnerability | - | github.com/nyaruka/phonenumbers | Medium | 5.3 | 2025-09-27 05:00:01 | Deep Dive |
| CVE-2025-58875 | WordPress WP Github Gist Plugin <= 0.5 - Cross Site Scripting (XSS) Vulnerability | Sudar Muthu | WP Github Gist | Medium | 6.5 | 2025-09-05 13:45:49 | Deep Dive |
| CVE-2025-58401 | Obsidian GitHub Copilot Plugin security vulnerability | Pierre-Adrien Vasseur | Obsidian GitHub Copilot Plugin | - | - | 2025-09-05 04:28:25 | Deep Dive |
| CVE-2025-47909 | Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf | github.com/gorilla/csrf | github.com/gorilla/csrf | Medium | - | 2025-08-29 15:55:09 | Deep Dive |
| CVE-2025-8447 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | GitHub | Enterprise Server | - | - | 2025-08-26 01:42:37 | Deep Dive |
| CVE-2025-55301 | The Scratch Channel Allows Username Modification | The-Scratch-Channel | the-scratch-channel.github.io | Medium | 6.7 | 2025-08-25 15:38:34 | Deep Dive |
| CVE-2025-47908 | Denial of service via malicious preflight requests in github.com/rs/cors | github.com/rs/cors | github.com/rs/cors | - | - | 2025-08-06 20:41:31 | Deep Dive |
| CVE-2025-53904 | The Scratch Channel Has Potential Reflected Cross-Site Scripting (XSS) Vulnerability | The-Scratch-Channel | the-scratch-channel.github.io | - | - | 2025-07-16 17:02:01 | Deep Dive |
| CVE-2025-6981 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access | GitHub | Enterprise Server | - | - | 2025-07-15 20:44:30 | Deep Dive |
| CVE-2025-53903 | The Scratch Channel Has Potential Cross-Site Scripting (XSS) Vulnerability | The-Scratch-Channel | the-scratch-channel.github.io | - | - | 2025-07-15 18:22:37 | Deep Dive |