| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-53818 | github-kanban-mcp-server Command Injection vulnerability | Sunwood-ai-labs | github-kanban-mcp-server | - | - | 2025-07-14 20:30:30 | Deep Dive |
| CVE-2025-6600 | GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API | GitHub | GitHub Enterprise Server | - | - | 2025-07-01 18:56:46 | Deep Dive |
| CVE-2025-52569 | GitHub.jl lacks validation for user-provided fields | JuliaWeb | GitHub.jl | - | - | 2025-06-25 16:41:46 | Deep Dive |
| CVE-2025-46806 | Misaligned Memory Accesses in `is_openvpn_protocol()` | https://github.com/yrutschle/sslh/releases/tag/v2.2.4 | sslh | - | - | 2025-06-02 12:11:20 | Deep Dive |
| CVE-2025-46807 | File Descriptor Exhaustion in sslh-select and sslh-ev triggers SEGFAULT | https://github.com/yrutschle/sslh/releases/tag/v2.2.4 | sslh | - | - | 2025-06-02 11:29:14 | Deep Dive |
| CVE-2025-3246 | Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers | GitHub | GitHub Enterprise Server | - | - | 2025-04-17 22:50:22 | Deep Dive |
| CVE-2025-3509 | Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation | GitHub | Enterprise Server | - | - | 2025-04-17 22:50:18 | Deep Dive |
| CVE-2025-3124 | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names | GitHub | Enterprise Server | - | - | 2025-04-17 22:50:14 | Deep Dive |
| CVE-2025-3445 | archiver Path Traversal Vulnerability | github.com/mholt/archiver/v3 | github.com/mholt/archiver/v3 | High | 8.1 | 2025-04-13 22:10:21 | Deep Dive |
| CVE-2025-27416 | Asking For Scratch Username And Password | Scratch-Coding-Hut | Scratch-Coding-Hut.github.io | Medium | - | 2025-03-01 00:10:29 | Deep Dive |
| CVE-2024-10001 | Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling | GitHub | Enterprise Server | Medium | - | 2025-01-29 18:24:59 | Deep Dive |
| CVE-2024-45339 | Vulnerability when creating log files in github.com/golang/glog | github.com/golang/glog | github.com/golang/glog | High | - | 2025-01-28 01:03:24 | Deep Dive |
| CVE-2025-24362 | CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts | github | codeql-action | Medium | - | 2025-01-24 18:04:46 | Deep Dive |
| CVE-2025-23369 | Improper Verification of Cryptographic Signature in GitHub Enterprise Server Allows Signature Spoofing by Improper Validation | GitHub | Enterprise Server | Medium | - | 2025-01-21 18:46:31 | Deep Dive |
| CVE-2025-22549 | WordPress WP Github plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | seinoxygen | WP Github | Medium | 6.5 | 2025-01-07 14:57:19 | Deep Dive |
| CVE-2024-8810 | Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access | GitHub | Enterprise Server | - | - | 2024-11-07 21:24:35 | Deep Dive |
| CVE-2024-10824 | Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data | GitHub | Enterprise Server | - | - | 2024-11-07 21:15:11 | Deep Dive |
| CVE-2024-10007 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | GitHub | Enterprise Server | - | - | 2024-11-07 20:58:18 | Deep Dive |
| CVE-2024-9539 | GitHub Enterprise Server Security Vulnerability | GitHub | GitHub Enterprise Server | - | - | 2024-10-11 17:52:35 | Deep Dive |
| CVE-2024-9487 | An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled | GitHub | Enterprise Server | - | - | 2024-10-10 21:08:49 | Deep Dive |