GitHub - HackerOne Reports
Total Reports: 37
Critical: 1
High: 12
Medium: 20
Low: 1

Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via nomad template injection and audit-forward
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic

Managing Pages
Reported by: ali_shehab | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic

Sample report: Denial of service
Reported by: ghbountyocto | Disclosed:
Weakness: LLM06: Sensitive Information Disclosure

[PATs] Token with Read-Only permissions on Issues able to modify issue comments using content write permission
Reported by: archangel | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic

View private repository NWO of deploy key via internal LFS API
Reported by: ahacker1 | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $4000.00

Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in ghe-update-check
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic

CSRF protection bypass in GitHub Enterprise management console
Reported by: bitquark | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $10000.00

RC Between GitHub's Repo Transfer REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention
Reported by: inspector-ambitious | Disclosed:
Severity: Medium
Weakness: Misconfiguration

Command injection in GitHub Actions ContainerStepHost
Reported by: jupenur | Disclosed:
Weakness: Resource Injection
Bounty: $4000.00

Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in syslog-ng
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic

Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in collectd
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic

Invite tokens have Insufficient entropy in GHES Management Console
Reported by: imrerad | Disclosed:
Severity: Medium
Weakness: Use of Insufficiently Random Values

View Repo and Title of Any Private Check Run
Reported by: ahacker1 | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $4000.00

Privilege Escalation to Root SSH Access via Pre-Receive Hook Environment in GitHub Enterprise Server
Reported by: inspector-ambitious | Disclosed:
Severity: High

Github app Privilege Escalation to Administrator/Owner of the Organization
Reported by: vaib25vicky | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic

Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in actions-console
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic

Access body and title of Internal Repo Issues in Projects
Reported by: ahacker1 | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $4000.00