
 

GitHub found vulnerabilities. See our disclosure policy for more information.

This vulnerability affected all versions of GitHub Enterprise Server prior to 3.

The vulnerability is among the first discovered by Invariant's security analyzer for detecting toxic agent flows.

For any GitHub-reviewed advisory in the GitHub Advisory Database, you can see which of your repositories are affected by that security vulnerability or malware.

We publish vulnerabilities here only after patches are available.

12 and was fixed in versions 3. 10.

Apr 30, 2022 · When you navigate to the repository's Security tab you should have an overview of the vulnerabilities found in your repo.

A database of software vulnerabilities, using data from maintainer-submitted advisories and from other vulnerability databases.

GPU memory in the Arm Mali GPU can be accessed after it is freed, leading to potential arbitrary kernel code execution.

If Dependabot knows how to fix these issues, it will offer the ability to generate a pull request to fix the issue automatically:

May 26, 2025 · In this blog post, we have shown a critical vulnerability affecting the GitHub MCP server, allowing attackers to hijack a user's agent via a malicious GitHub Issue, and coerce it into leaking data from private repositories.

We find and report vulnerabilities in open source projects, following coordinated disclosure.

To see a vulnerable repository, you must have access to Dependabot alerts for that repository.

Git was also patched to address additional, Windows-specific vulnerabilities: CVE-2023-25815, CVE-2023-29011, and CVE-2023-29012.

To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance.

Apr 25, 2023 · Today, the Git project released new versions to address a pair of security vulnerabilities, CVE-2023-25652 and CVE-2023-29007, that affect versions 2.