Inspector-Ambitious

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A heap buffer overflow exists in the GPU component of Google Chrome. This issue allows a remote attacker to execute arbitrary code by using a specially crafted HTML page. Recommendations Update Google Chrome to version 146.0.7680.178 or later.

**Name of the Vulnerable Software and Affected Versions** Google Cloud Build versions prior to 2026-01-26 **Description** An improper authorization issue in GitHub Trigger Comment Control within Google Cloud Build allows a remote attacker to execute arbitrary code in the build environment. The issue was patched on January 26, 2026. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.19 GitHub Enterprise Server versions 3.14.19 GitHub Enterprise Server versions 3.15.14 GitHub Enterprise Server versions 3.16.10 GitHub Enterprise Server versions 3.17.7 GitHub Enterprise Server versions 3.18.1 **Description** A privilege escalation issue exists in GitHub Enterprise Server. An authenticated Enterprise admin could obtain root SSH access to the appliance by exploiting a symlink escape within pre-receive hook environments. An attacker could create a malicious repository and environment to replace system binaries during hook cleanup. This allows execution of a payload that adds the attacker’s SSH key to the root user’s authorized keys, granting root SSH access. Exploitation requires enterprise admin privileges. **Recommendations** Update to GitHub Enterprise Server version 3.14.19 Update to GitHub Enterprise Server version 3.15.14 Update to GitHub Enterprise Server version 3.16.10 Update to GitHub Enterprise Server version 3.17.7 Update to GitHub Enterprise Server version 3.18.1 Update to GitHub Enterprise Server version 3.19 or later

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.13 GitHub Enterprise Server versions 3.9 through 3.9.12 GitHub Enterprise Server versions 3.10 through 3.10.9 GitHub Enterprise Server versions 3.11 through 3.11.7 GitHub Enterprise Server versions 3.12 through 3.12.0 **Description** A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This issue was reported via the GitHub Bug Bounty program. **Recommendations** For GitHub Enterprise Server versions prior to 3.9.13, update to version 3.9.13. For GitHub Enterprise Server versions 3.10, update to version 3.10.10. For GitHub Enterprise Server versions 3.11, update to version 3.11.8. For GitHub Enterprise Server versions 3.12, update to version 3.12.1. As a temporary workaround, consider restricting access to GraphQL mutations that alter repository permissions for detached repositories until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 3.8.0 through 3.12.0 **Description** An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This issue was reported via the GitHub Bug Bounty program. Remote attacks are possible, allowing an attacker to potentially compromise the security of repositories. **Recommendations** For GitHub Enterprise Server versions 3.8.0 through 3.8.16, update to version 3.8.17. For GitHub Enterprise Server versions 3.9.0 through 3.9.11, update to version 3.9.12. For GitHub Enterprise Server versions 3.10.0 through 3.10.8, update to version 3.10.9. For GitHub Enterprise Server versions 3.11.0 through 3.11.6, update to version 3.11.7. For GitHub Enterprise Server versions 3.12.0, update to version 3.12.1.

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.15 GitHub Enterprise Server version 3.14.2 and earlier GitHub Enterprise Server versions prior to 3.14.3 GitHub Enterprise Server versions prior to 3.13.6 GitHub Enterprise Server versions prior to 3.12.11 GitHub Enterprise Server versions prior to 3.11.17 Description: A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server, allowing container escape to escalate to root via the ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This issue can lead to privilege escalation to root. Recommendations: For GitHub Enterprise Server versions prior to 3.15, update to version 3.14.3 or later. For GitHub Enterprise Server versions prior to 3.14.3, update to version 3.14.3. For GitHub Enterprise Server versions prior to 3.13.6, update to version 3.13.6 or later. For GitHub Enterprise Server versions prior to 3.12.11, update to version 3.12.11 or later. For GitHub Enterprise Server versions prior to 3.11.17, update to version 3.11.17 or later.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15 are not affected as they contain the fix. **Description** A command injection issue was identified in GitHub Enterprise Server, allowing an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This issue was reported via the GitHub Bug Bounty program. **Recommendations** For GitHub Enterprise Server versions prior to 3.12, update to version 3.11.5, 3.10.7, 3.9.10, or 3.8.15 to resolve the issue. As a temporary workaround, consider restricting access to the Management Console and the actions-console docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.12 **Description** A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability was reported via the GitHub Bug Bounty program. **Recommendations** For versions prior to 3.11.5, update to version 3.11.5 or later. For versions prior to 3.10.7, update to version 3.10.7 or later. For versions prior to 3.9.10, update to version 3.9.10 or later. For versions prior to 3.8.15, update to version 3.8.15 or later. As a temporary workaround, consider restricting access to the Management Console and the `syslog-ng` configuration file until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.12 **Description** A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. **Recommendations** For versions prior to 3.11.5, update to version 3.11.5 or later. For versions prior to 3.10.7, update to version 3.10.7 or later. For versions prior to 3.9.10, update to version 3.9.10 or later. For versions prior to 3.8.15, update to version 3.8.15 or later. As a temporary workaround, consider restricting access to the Management Console to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server version 3.11.5 GitHub Enterprise Server version 3.10.7 GitHub Enterprise Server version 3.9.10 GitHub Enterprise Server version 3.8.15 **Description** A command injection issue was identified in GitHub Enterprise Server, allowing an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. **Recommendations** For GitHub Enterprise Server versions prior to 3.12, update to version 3.12 or later to resolve the issue. For GitHub Enterprise Server version 3.11.5, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.10.7, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.9.10, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.8.15, no additional action is required as this version already contains the fix. As a temporary workaround, consider restricting access to the Management Console with the editor role until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server version 3.11.5 GitHub Enterprise Server version 3.10.7 GitHub Enterprise Server version 3.9.10 GitHub Enterprise Server version 3.8.15 **Description** A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability was reported via the GitHub Bug Bounty program. **Recommendations** For GitHub Enterprise Server versions prior to 3.12, update to version 3.12 or later to resolve the issue. For GitHub Enterprise Server version 3.11.5, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.10.7, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.9.10, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.8.15, no additional action is required as this version already contains the fix. As a temporary workaround, consider restricting access to the Management Console and nomad templates to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server version 3.11.5 GitHub Enterprise Server version 3.10.7 GitHub Enterprise Server version 3.9.10 GitHub Enterprise Server version 3.8.15 **Description** A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. **Recommendations** For GitHub Enterprise Server versions prior to 3.12, update to version 3.12 or later to resolve the issue. For GitHub Enterprise Server version 3.11.5, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.10.7, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.9.10, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 3.8.15, no additional action is required as this version already contains the fix. As a temporary workaround, consider restricting access to the Management Console with the editor role until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 3.8.0 through 3.8.11 GitHub Enterprise Server versions 3.9.0 through 3.9.6 GitHub Enterprise Server versions 3.10.0 through 3.10.3 GitHub Enterprise Server versions 3.11.0 **Description** A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. **Recommendations** For GitHub Enterprise Server versions 3.8.0 through 3.8.11, update to version 3.8.12. For GitHub Enterprise Server versions 3.9.0 through 3.9.6, update to version 3.9.7. For GitHub Enterprise Server versions 3.10.0 through 3.10.3, update to version 3.10.4. For GitHub Enterprise Server versions 3.11.0, update to version 3.11.1.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server versions 3.11 through 3.11.0 **Description** A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. **Recommendations** For GitHub Enterprise Server versions 3.8 through 3.8.11, update to version 3.8.12. For GitHub Enterprise Server versions 3.9 through 3.9.6, update to version 3.9.7. For GitHub Enterprise Server versions 3.10 through 3.10.3, update to version 3.10.4. For GitHub Enterprise Server versions 3.11 through 3.11.0, update to version 3.11.1.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.10.0 **Description** An authorization/sensitive information disclosure issue was identified in GitHub Enterprise Server, allowing a fork to retain read access to an upstream repository after its visibility was changed to private. This issue was reported via the GitHub Bug Bounty program. **Recommendations** For versions prior to 3.10.0, update to version 3.10.0 or later to resolve the issue. Alternatively, for specific prior versions, update to the following fixed versions: - Version 3.9.4 for those on version 3.9 - Version 3.8.9 for those on version 3.8 - Version 3.7.16 for those on version 3.7 - Version 3.6.18 for those on version 3.6

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 3.7.0 through 3.7.8 GitHub Enterprise Server versions 3.8.0 through 3.8.1 GitHub Enterprise Server versions 3.9.0 **Description** An incorrect comparison issue was identified that allowed commit smuggling, displaying an incorrect diff within the GitHub pull request UI. An attacker would need write access to the repository to exploit this. The issue was reported via the GitHub Bug Bounty program. **Recommendations** For GitHub Enterprise Server versions 3.7.0 through 3.7.8, update to version 3.7.9. For GitHub Enterprise Server versions 3.8.0 through 3.8.1, update to version 3.8.2. For GitHub Enterprise Server version 3.9.0, update to version 3.9.1.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.7 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 **Description** An issue has been discovered in GitLab CE/EE that allows a developer to remove the CODEOWNERS rules and merge to a protected branch. **Recommendations** For versions 13.7 through 15.11.10, update to version 15.11.10 or later. For versions 16.0 through 16.0.6, update to version 16.0.6 or later. For versions 16.1 through 16.1.1, update to version 16.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 15.10.8 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 **Description** An issue has been discovered in GitLab CE/EE where an attacker can spoof protected tags. This could potentially lead a victim to download malicious code. **Recommendations** For versions prior to 15.10.8, update to version 15.10.8 or later. For versions 15.11 through 15.11.6, update to version 15.11.7 or later. For versions 16.0 through 16.0.1, update to version 16.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 1.2 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 **Description** The issue allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. **Recommendations** For versions 1.2 through 15.10.7, update to version 15.10.8 or later. For versions 15.11 through 15.11.6, update to version 15.11.7 or later. For versions 16.0 through 16.0.1, update to version 16.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 15.9.8 GitLab versions 15.10.0 through 15.10.7 GitLab versions 15.11.0 through 15.11.3 **Description** A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. **Recommendations** For versions prior to 15.9.8, update to version 15.9.8 or later. For versions 15.10.0 through 15.10.7, update to version 15.10.7 or later. For versions 15.11.0 through 15.11.3, update to version 15.11.3 or later. As a temporary workaround, consider restricting the use of the refs/replace feature until a patch is applied.