
Enterprise Server — Vulnerabilities & Security Advisories (75)

All 75 CVE vulnerabilities found in Enterprise Server, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for the Enterprise Server product, focusing on identified weakness types and associated security tags. It collects comprehensive data on known vulnerabilities, including remote code execution, privilege escalation, and cross-site scripting flaws, covering security issues reported and patched between 2015 and 2024. By utilizing this centralized repository, users can effectively track a vendor’s historical advisories to understand the pace and nature of security updates over time. Additionally, you can gain deeper insights into specific weakness classes to assess their prevalence and impact within the Enterprise Server ecosystem. The interface also allows you to look up a product’s vulnerability history, providing a clear timeline of how security risks have evolved and been mitigated in response to emerging threats. This data-driven approach supports risk management teams in prioritizing patches and understanding the security posture of their infrastructure. All entries are categorized by severity and affected versions, enabling precise filtering for targeted analysis. The goal is to provide transparent, accessible information that aids in compliance reporting and proactive defense strategies without overwhelming the user with unnecessary technical noise. This resource serves as a foundational reference for security analysts, IT administrators, and compliance officers seeking to maintain the integrity and resilience of their enterprise environments against known cyber threats.

Vendor: GitHub

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-9312 | Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint | CWE-918 | - | - | 2026-05-27 |
| CVE-2026-8606 | Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint | CWE-918 | - | - | 2026-05-26 |
| CVE-2026-8106 | Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-8034 | Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion | CWE-918 | 8.2 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-7541 | Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint | CWE-770 | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-6736 | Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider | CWE-306 | 6.5 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-5845 | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | CWE-639 | 8.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-3307 | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | CWE-639 | 2.7 (AI) | Low (AI) | 2026-04-21 |
| CVE-2026-5512 | Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API | CWE-201 | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | CWE-185 | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-4821 | Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API | CWE-78 | 7.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | CWE-918 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-3582 | Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope | CWE-862 | 6.5 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-2266 | Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3306 | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | CWE-639 | 4.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3854 | Remote code execution via git push option injection in GitHub Enterprise Server | CWE-77 | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-1999 | Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests | CWE-863 | 7.5 | - | 2026-02-18 |
| CVE-2026-1355 | Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports | CWE-862 | 7.3 | - | 2026-02-18 |
| CVE-2026-0573 | Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Server that allowed leaking of authorization token and enabled remote code execution | CWE-601 | 7.3 | - | 2026-02-18 |
| CVE-2025-13744 | Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML | CWE-79 | 5.4 | - | 2026-01-06 |
| CVE-2025-14046 | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests | CWE-79 | 4.6 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-11578 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | CWE-59 | 7.2 | - | 2025-11-10 |
| CVE-2025-11892 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers | CWE-79 | 6.1 | - | 2025-11-10 |
| CVE-2025-8447 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | CWE-639 | 3.1 (AI) | Low (AI) | 2025-08-26 |
| CVE-2025-6981 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access | CWE-863 | 7.5 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-3509 | Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation | CWE-94 | 6.6 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2025-3124 | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names | CWE-862 | 4.3 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2024-10001 | Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling | CWE-94 | 8.3 | - | 2025-01-29 |
| CVE-2025-23369 | Improper Verification of Cryptographic Signature in GitHub Enterprise Server Allows Signature Spoofing by Improper Validation | CWE-347 | 7.5 | - | 2025-01-21 |
| CVE-2024-8810 | Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access | CWE-269 | 6.5 (AI) | Medium (AI) | 2024-11-07 |
