Vulnerabilities in github
139 results

CVE-2024-8263 | MEDIUM | An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of | EPSS 0.4%
CVE-2024-8810 | HIGH | Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access | EPSS 0.4%
CVE-2026-5921 | HIGH | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | EPSS 0.4%
CVE-2024-1482 | HIGH | Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution | EPSS 0.4%
CVE-2024-6336 | MEDIUM | Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure | EPSS 0.4%
CVE-2025-3124 | MEDIUM | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names | EPSS 0.4%
CVE-2021-32638 | MEDIUM | CodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecated | EPSS 0.4%
CVE-2026-1355 | MEDIUM | Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports | EPSS 0.4%
CVE-2026-7541 | MEDIUM | Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint | EPSS 0.4%
CVE-2026-8606 | HIGH | Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint | EPSS 0.4%
CVE-2026-8034 | HIGH | Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion | EPSS 0.4%
CVE-2026-29783 | HIGH | GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution | EPSS 0.4%
CVE-2024-10001 | HIGH | Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling | EPSS 0.4%
CVE-2026-45033 | HIGH | GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor | EPSS 0.4%
CVE-2024-8770 | MEDIUM | A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attac | EPSS 0.3%
CVE-2024-10824 | MEDIUM | Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data | EPSS 0.3%
CVE-2023-6690 | LOW | A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a Graph | EPSS 0.3%
CVE-2026-3306 | MEDIUM | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | EPSS 0.3%
CVE-2025-14046 | HIGH | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests | EPSS 0.3%
CVE-2026-4296 | HIGH | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | EPSS 0.3%