CVE Tools

github

DevTools & CIUScommercial

81

Cumulative CVEs

16

Monthly snapshots

#54

Peak rank

Top products

enterprise server6 cli2 copilot-cli1

Latest CVEs

The 15 most recently published vulnerabilities affecting github.

CVE-2026-48501GitHub CLI tokens leak via `gh attestation` commands7.4May 29, 2026
CVE-2026-9312Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint8.2May 27, 2026
CVE-2026-8606Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint5.9May 26, 2026
CVE-2026-45803gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection3.5May 15, 2026
CVE-2026-45033GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor7.8May 13, 2026
CVE-2026-8106Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft6.1May 7, 2026
CVE-2026-8034Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion9.8May 7, 2026
CVE-2026-7541Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint7.5May 7, 2026
CVE-2026-6736Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider6.5May 7, 2026
CVE-2026-5845Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server9.6Apr 21, 2026
CVE-2026-3307Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers2.7Apr 21, 2026
CVE-2026-5512Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API4.3Apr 21, 2026
CVE-2026-4296Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass8.8Apr 21, 2026
CVE-2026-5921Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack8.9Apr 21, 2026
CVE-2026-3582Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope4.3Mar 10, 2026