Enterprise server

This hub aggregates every CVE we track for Enterprise server, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Enterprise server.

• CVE-2026-9312Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint8.2May 27, 2026
• CVE-2026-8606Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint5.9May 26, 2026
• CVE-2026-8106Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft6.1May 7, 2026
• CVE-2026-8034Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion9.8May 7, 2026
• CVE-2026-7541Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint7.5May 7, 2026
• CVE-2026-6736Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider6.5May 7, 2026
• CVE-2026-5845Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server9.6Apr 21, 2026
• CVE-2026-3307Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers2.7Apr 21, 2026
• CVE-2026-5512Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API4.3Apr 21, 2026
• CVE-2026-4296Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass8.8Apr 21, 2026
• CVE-2026-5921Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack8.9Apr 21, 2026
• CVE-2026-3582Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope4.3Mar 10, 2026
• CVE-2026-2266Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection5.4Mar 10, 2026
• CVE-2026-3306Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access4.3Mar 10, 2026
• CVE-2026-3854Remote code execution via git push option injection in GitHub Enterprise Server8.8Mar 10, 2026