GitHub
This hub aggregates every CVE we track for GitHub, a product in the devtools/CI space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 15
- Critical: 3
- High: 5
- In CISA KEV: 0
Severity distribution: Medium 7, High 5, Critical 3
Monthly trend (2024-07 to 2026-06): chart not reproduced here; the monthly counts are zero in every month except one, which has a single CVE.
Latest CVEs
The 15 most recently published vulnerabilities affecting GitHub (score shown in parentheses; descriptions are truncated as on the original page).
- CVE-2026-42523 (score 9.0): Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in...
- CVE-2023-46650 (score 5.4): Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by...
- CVE-2022-36885 (score 5.3): Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statist...
- CVE-2021-22863 (score 8.1): Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests.
- CVE-2021-22862 (score 6.5): Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks.
- CVE-2021-22861 (score 6.5): Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories.
- CVE-2020-10519 (score 8.8): Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server.
- CVE-2020-10517 (score 4.3): Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names.
- CVE-2020-10518 (score 8.8): Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server.
- CVE-2020-10516 (score 9.8): Improper access control in GitHub Enterprise Server leading to privilege escalation of an organization member.
- CVE-2017-18365 (score 9.8): The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise...
- CVE-2018-1000600 (score 8.8): An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using a...
- CVE-2018-1000184 (score 5.4): A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET...
- CVE-2018-1000183 (score 6.5): An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacke...
- CVE-2012-2055 (score 7.5): GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a m...
Product normalization is registry-driven with AI assist and human review.