GitHub Enterprise Server
74 CVEs affecting GitHub Enterprise Server. Latest disclosed: 2026-05-27. Critical: 8, High: 18.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-8034 | Critical | 9.8 | 2026-05-07 | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal s… |
| CVE-2026-5845 | Critical | 9.6 | 2026-04-21 | An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to acc… |
| CVE-2024-1378 | Critical | 9.1 | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2024-1374 | Critical | 9.1 | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2024-1372 | Critical | 9.1 | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2024-1369 | Critical | 9.1 | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2024-1359 | Critical | 9.1 | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2024-1355 | Critical | 9.1 | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2026-5921 | High | 8.9 | 2026-04-21 | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variabl… |
| CVE-2026-4296 | High | 8.8 | 2026-04-21 | An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An a… |
| CVE-2026-3854 | High | 8.8 | 2026-03-10 | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a reposito… |
| CVE-2023-46648 | High | 8.3 | 2023-12-21 | An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES M… |
| CVE-2026-9312 | High | 8.2 | 2026-05-27 | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests… |
| CVE-2023-6746 | High | 8.1 | 2023-12-21 | An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could pe… |
| CVE-2024-3684 | High | 8.0 | 2024-04-19 | A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console t… |
| CVE-2024-3646 | High | 8.0 | 2024-04-19 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2024-2469 | High | 8.0 | 2024-03-20 | An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Ent… |
| CVE-2024-1354 | High | 8.0 | 2024-02-13 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2023-46647 | High | 8.0 | 2023-12-21 | Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to… |
| CVE-2023-23761 | High | 7.7 | 2023-04-07 | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by a… |