GitHub - HackerOne Reports
Total Reports: 36
Critical: 1
High: 12
Medium: 20
Low: 1
Authentication bypass on gist.github.com through SSH Certificates
Reported by: ammar2 | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Bounty: $10000.00
Improper handling of null bytes in GitHub Actions Runner allows an attacker to set arbitrary environment variables
Reported by: ryotak | Disclosed:
Severity: Medium
Weakness: Resource Injection
Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in syslog-ng
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic
Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in collectd
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic
Invite tokens have Insufficient entropy in GHES Management Console
Reported by: imrerad | Disclosed:
Severity: Medium
Weakness: Use of Insufficiently Random Values
GHES Management console EoP (editor to site admin)
Reported by: imrerad | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
View Repo and Title of Any Private Check Run
Reported by: ahacker1 | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $4000.00
Privilege Escalation to Root SSH Access via Pre-Receive Hook Environment in GitHub Enterprise Server
Reported by: inspector-ambitious | Disclosed:
Severity: High
SAML Signature verification bypass allows logging into any user (with specific conditions)
Reported by: ahacker1 | Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic
Bounty: $25000.00
Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via nomad template injection
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic
Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via nomad template injection and audit-forward
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic
Github app Privilege Escalation to Administrator/Owner of the Organization
Reported by: vaib25vicky | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in actions-console
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic
[PATs] Token with Read-Only permissions on Issues able to modify issue comments using content write permission
Reported by: archangel | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Access body and title of Internal Repo Issues in Projects
Reported by: ahacker1 | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $4000.00
Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in ghe-update-check
Reported by: inspector-ambitious | Disclosed:
Severity: High
Weakness: Command Injection - Generic