GitHub Enterprise Server
46 CVEs affecting GitHub Enterprise Server. Latest disclosed: 2025-07-01. Critical: 6, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-6800 | Critical | 9.8 | 2024-08-20 | An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizin… |
| CVE-2022-23739 | Critical | 9.8 | 2023-01-17 | An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub… |
| CVE-2022-46255 | Critical | 9.8 | 2022-12-14 | An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A c… |
| CVE-2021-22869 | Critical | 9.8 | 2021-09-24 | An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had acc… |
| CVE-2020-10516 | Critical | 9.8 | 2020-06-03 | An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gai… |
| CVE-2024-2443 | Critical | 9.1 | 2024-03-20 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain adm… |
| CVE-2022-46256 | High | 8.8 | 2022-12-14 | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this… |
| CVE-2022-23740 | High | 8.8 | 2022-11-23 | CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code exec… |
| CVE-2022-23734 | High | 8.8 | 2022-10-19 | A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBri… |
| CVE-2022-23732 | High | 8.8 | 2022-04-05 | A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentiall… |
| CVE-2021-41599 | High | 8.8 | 2022-02-18 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vul… |
| CVE-2021-41598 | High | 8.8 | 2022-01-25 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authoriz… |
| CVE-2021-22866 | High | 8.8 | 2021-05-14 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authoriz… |
| CVE-2021-22864 | High | 8.8 | 2021-03-23 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled con… |
| CVE-2020-10519 | High | 8.8 | 2021-03-03 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled con… |
| CVE-2020-10518 | High | 8.8 | 2020-08-27 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled con… |
| CVE-2021-22863 | High | 8.1 | 2021-03-03 | An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify… |
| CVE-2024-5795 | High | 7.7 | 2024-07-16 | A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large… |
| CVE-2025-3246 | High | 7.6 | 2025-04-17 | An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$… |
| CVE-2024-5746 | High | 7.6 | 2024-06-20 | A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitr… |