Filtered by vendor Github Subscriptions
Total 102 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8770 1 Github 1 Enterprise Server 2024-09-27 6.1 Medium
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2024-42471 2 Actions\/artifact\/, Github 3 Github Toolkit, Actions\/artifact, Actions Toolkit 2024-09-16 7.3 High
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue.