PT-2026-1508 · Github · Github Enterprise Server

Johan Carlsson +1 · Published 2026-01-06 · Updated 2026-01-30 · CVE-2025-13744

CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.20
GitHub Enterprise Server versions 3.14.20
GitHub Enterprise Server versions 3.15.15
GitHub Enterprise Server versions 3.16.11
GitHub Enterprise Server versions 3.17.8
GitHub Enterprise Server versions 3.18.2
GitHub Enterprise Server versions 3.19.1

Description
An Improper Neutralization of Input During Web Page Generation issue exists in GitHub Enterprise Server. This allows an attacker to render attacker-controlled HTML via the Filter component (search) across GitHub, potentially leading to the exfiltration of sensitive information. An attacker requires permissions to create or modify the names of milestones, issues, pull requests, or similar entities rendered in the vulnerable filter/search components to exploit this issue.

Recommendations
Update GitHub Enterprise Server to version 3.20 or later.
Update GitHub Enterprise Server to version 3.19.1.
Update GitHub Enterprise Server to version 3.18.2.
Update GitHub Enterprise Server to version 3.17.8.
Update GitHub Enterprise Server to version 3.16.11.
Update GitHub Enterprise Server to version 3.15.15.
Update GitHub Enterprise Server to version 3.14.20.
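The bug class described above, as an added illustration that is not GitHub's code: a minimal filter-dropdown renderer that interpolates entity names (milestone or issue titles) into markup, first in the injectable form and then hardened with output encoding, plus a small check a test suite can run over rendered markup. The names, function names and the `<li>` structure are constructed assumptions.

```javascript
// Added example, not code from GitHub Enterprise Server. Entity names are
// constructed samples; one of them carries markup the way an attacker with
// rights to rename a milestone or issue could.
const SAMPLE_NAMES = [
  "v1.0 release",
  'v2.0 "><img src=x onerror=alert(1)>', // constructed hostile name
  "backlog & triage",
];

// Encode the five characters that change meaning in HTML text and
// double-quoted attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: user-controlled names go straight into the markup,
// both inside an attribute value and as element text.
function renderFilterUnsafe(names, query) {
  const q = query.toLowerCase();
  return names
    .filter((n) => n.toLowerCase().includes(q))
    .map((n) => `<li class="filter-item" data-name="${n}">${n}</li>`)
    .join("");
}

// Hardened pattern: every interpolation is encoded for its context.
function renderFilterSafe(names, query) {
  const q = query.toLowerCase();
  return names
    .filter((n) => n.toLowerCase().includes(q))
    .map((n) => {
      const safe = escapeHtml(n);
      return `<li class="filter-item" data-name="${safe}">${safe}</li>`;
    })
    .join("");
}

// Regression check: the renderer should only ever emit <li> tags, so any
// other tag in its output means a name broke out of its context.
function containsForeignTag(html) {
  return /<(?!\/?li\b)[a-z]/i.test(html);
}
```

Run `containsForeignTag` over the output of each renderer with the hostile sample: the unsafe renderer leaks an `<img>` tag, the hardened one emits `&lt;img` and stays inside its `<li>` elements.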

Tags: Fix, XSS


Weakness Enumeration

Related Identifiers
CVE-2025-13744

Affected Products
Github Enterprise Server