GitHub Enterprise Server
13 CVEs affecting GitHub Enterprise Server. Latest disclosed: 2026-05-27. Critical: 2, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-8034 | Critical | 9.8 | 2026-05-07 | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal s… |
| CVE-2026-5845 | Critical | 9.6 | 2026-04-21 | An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to acc… |
| CVE-2026-5921 | High | 8.9 | 2026-04-21 | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variabl… |
| CVE-2026-4296 | High | 8.8 | 2026-04-21 | An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An a… |
| CVE-2026-3854 | High | 8.8 | 2026-03-10 | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a reposito… |
| CVE-2026-9312 | High | 8.2 | 2026-05-27 | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests… |
| CVE-2026-7541 | High | 7.5 | 2026-05-07 | A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending cr… |
| CVE-2026-4821 | High | 7.2 | 2026-04-21 | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console admini… |
| CVE-2026-6736 | Medium | 6.5 | 2026-05-07 | An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypa… |
| CVE-2026-8106 | Medium | 6.1 | 2026-05-07 | A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The re… |
| CVE-2026-8606 | Medium | 5.9 | 2026-05-27 | A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP reques… |
| CVE-2026-5512 | Medium | 4.3 | 2026-04-21 | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private rep… |
| CVE-2026-3307 | Low | 2.7 | 2026-04-21 | An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the sec… |