Enterprise Server — Vulnerabilities & Security Advisories 69

All 69 CVE vulnerabilities found in Enterprise Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: GitHub

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5845 | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | CWE-639 | 8.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-3307 | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | CWE-639 | 2.7 (AI) | Low (AI) | 2026-04-21 |
| CVE-2026-5512 | Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API | CWE-201 | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | CWE-185 | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-4821 | Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API | CWE-78 | 7.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | CWE-918 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-3582 | Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope | CWE-862 | 6.5 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-2266 | Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3306 | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | CWE-639 | 4.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3854 | Remote code execution via git push option injection in GitHub Enterprise Server | CWE-77 | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-1999 | Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests | CWE-863 | 7.5 | - | 2026-02-18 |
| CVE-2026-1355 | Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports | CWE-862 | 7.3 | - | 2026-02-18 |
| CVE-2026-0573 | Improper Handling of HTTP Redirects vulnerability was identified in GitHub Enterprise Server that allowed leaking of authorization token and enabled remote code execution | CWE-601 | 7.3 | - | 2026-02-18 |
| CVE-2025-13744 | Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML | CWE-79 | 5.4 | - | 2026-01-06 |
| CVE-2025-14046 | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests | CWE-79 | 4.6 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-11578 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | CWE-59 | 7.2 | - | 2025-11-10 |
| CVE-2025-11892 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers | CWE-79 | 6.1 | - | 2025-11-10 |
| CVE-2025-8447 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | CWE-639 | 3.1 (AI) | Low (AI) | 2025-08-26 |
| CVE-2025-6981 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access | CWE-863 | 7.5 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-3509 | Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation | CWE-94 | 6.6 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2025-3124 | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names | CWE-862 | 4.3 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2024-10001 | Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling | CWE-94 | 8.3 | - | 2025-01-29 |
| CVE-2025-23369 | Improper Verification of Cryptographic Signature in GitHub Enterprise Server Allows Signature Spoofing by Improper Validation | CWE-347 | 7.5 | - | 2025-01-21 |
| CVE-2024-8810 | Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access | CWE-269 | 6.5 (AI) | Medium (AI) | 2024-11-07 |
| CVE-2024-10824 | Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data | CWE-862 | 4.3 (AI) | Medium (AI) | 2024-11-07 |
| CVE-2024-10007 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation | CWE-59 | 9.1 (AI) | Critical (AI) | 2024-11-07 |
| CVE-2024-9487 | An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled | CWE-347 | 9.8 (AI) | Critical (AI) | 2024-10-10 |
| CVE-2024-4985 | GitHub Enterprise Server security vulnerability | CWE-303 | 9.8 (AI) | Critical (AI) | 2024-05-20 |
| CVE-2024-2440 | Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions | CWE-367 | 5.5 | Medium | 2024-04-19 |
| CVE-2024-3684 | Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console | CWE-88 | 8.0 | High | 2024-04-19 |

All 69 known CVE vulnerabilities affecting Enterprise Server with full Chinese analysis, references, and POCs where available.