GitHub — Vulnerabilities & Security Advisories 137

Browse all 137 CVE security advisories affecting GitHub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitHub operates as a cloud-based platform for version control and collaborative software development, primarily hosting Git repositories for millions of developers worldwide. Its extensive attack surface has historically exposed it to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation, often stemming from complex integrations and third-party dependencies. With 131 recorded CVEs, the platform has faced significant security challenges, most notably the 2021 incident where attackers compromised two-factor authentication tokens to access internal systems, leading to the theft of source code from major clients. These breaches underscore the risks associated with centralized code hosting and the potential for supply chain attacks. While GitHub employs rigorous security measures, its scale and role as infrastructure for global software development make it a high-value target, necessitating continuous vigilance against both external exploits and insider threats to maintain the integrity of the open-source ecosystem.

Unknown · 2026-06-18
bus-ticket/bus_info.php at 459cabdbeb99c00225b26e46e3c2c30ae1de7bad · Nur-Alam39/bus-ticket · GitHub
High · 2026-06-13
Unrestricted File Upload Leading to Remote Code Execution (RCE) via Post Attachment · Issue #1 · mjperpinosa/stumasy
High · CVE-2024-45132 · 2026-06-02
GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling · Advisory · CloudPirates-io/helm-c
High · 2026-06-02
GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests · Advisory · CloudPirates-
High · CVE-2025-48501 · 2026-05-30
Incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and
High · CVE-2026-8450 · 2026-05-27
CVE-2026-8450 Shell-magic arbitrary file write RCE vulnerability
Critical · 2026-05-27
CVE123/cve3/CVE_Submission.md at main · MyMySSS/CVE123 · GitHub
Unknown · CVE-2026-39047 · 2026-05-22
GitHub - AzhariRamadhan/CVE-2026-39047: submition CVE · GitHub
Critical · ICSA-26-132-02 · 2026-05-22
CSAF/csaf_files/OT/white/2026/icsa-26-132-02.json at develop · cisagov/CSAF · GitHub
Low · GHSA-gh-cli-escape-seq · 2026-05-22
GitHub Actions log output in `gh run view` allows terminal escape sequence injection · Advisory · cli/cli · GitHub
High · CVE-2026-7401 · 2026-04-30
GitHub - Xmyronn/CVE-2026-7401-XSS · GitHub
Medium · 2026-04-29
Exec approvals: reject shell init-file script matches (#58369) · openclaw/openclaw@0c83754 · GitHub
High · 2026-04-18
security-research/Hotel-Booking-Management-System/sensitive-information-disclosure/PoC.md at main · sudo-secure/security
Critical · CVE-2020-35580 · 2026-04-08
GitHub Actions Shell Injection via Workflow Inputs · Advisory · NationalSecurityAgency/emissary · GitHub
Critical · 2026-04-05
code-projects Concert Ticket Reservation System V1.0 /ConcertTicketReservationSystem-master/login.php SQL injection · Is
Unknown · 2026-04-02
Unauthenticated Access to Role-Restricted documents via neutralized .htaccess · Advisory · Admidio/admidio · GitHub
Unknown · 2026-04-02
Web-Security-PoCs/Inventory-System/XSS-AddCustomer-msg.md at main · meifukun/Web-Security-PoCs · GitHub
Critical · CVE-2025-24243 · 2026-04-02
Command Injection via `issue_comment.body` in GitHub Actions Workflow · Advisory · njzjz/wenxian · GitHub
Unknown · 2026-02-21
Merge commit from fork · zumba/json-serializer@bf26227 · GitHub
High · ICSA-25-329-03 · 2025-11-27
CSAF/csaf_files/OT/white/2025/icsa-25-329-03.json at develop · cisagov/CSAF · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with GitHub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.