Github enterprise server

This hub aggregates every CVE we track for Github enterprise server, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Github enterprise server.

• CVE-2026-9312Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint8.2May 27, 2026
• CVE-2026-3854Remote code execution via git push option injection in GitHub Enterprise Server8.8Mar 10, 2026
• CVE-2025-6600GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API4.3Jul 1, 2025
• CVE-2025-3246Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers7.6Apr 17, 2025
• CVE-2025-3509Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation7.2Apr 17, 2025
• CVE-2025-3124Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names4.3Apr 17, 2025
• CVE-2025-23369Improper Verification of Cryptographic Signature in GitHub Enterprise Server Allows Signature Spoofing by Improper Validation8.8Jan 21, 2025
• CVE-2024-10824Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data6.5Nov 7, 2024
• CVE-2024-10007Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation9.1Nov 7, 2024
• CVE-2024-9539An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the...4.3Oct 11, 2024
• CVE-2024-9487An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled9.1Oct 10, 2024
• CVE-2024-8263An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of...2.7Sep 23, 2024
• CVE-2024-8770A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engin...6.1Sep 23, 2024
• CVE-2024-6800An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation m...9.8Aug 20, 2024
• CVE-2024-6337Incorrect Authorization allows read access to issues in GitHub Enterprise Server6.5Aug 20, 2024