GitHub vendor security report

Security & Breach News (last 12 months)

• GitHub vulnerability CVE-2026-3854 allows code execution with a single git push | brief | SC Media

  CVE-2026-3854 is a confirmed vulnerability in GitHub Enterprise Server that allows code execution through improper handling of special elements, exploitable via a single git push. This represents a high-severity security issue directly affecting GitHub's product.

  SC MediaMay 2, 2026

  high
• CVE-2026-3854 GitHub flaw enables remote code execution

  Security AffairsMay 2, 2026

  low
• Reverse Engineering With AI Unearths High-Severity GitHub Bug

  GitHub disclosed CVE-2026-3854, a high-severity vulnerability (CVSS 8.7) in GitHub Enterprise Server that could allow attackers to gain unauthorized access. The vulnerability was identified through reverse engineering with AI techniques.

  Dark ReadingMay 2, 2026

  high
• Major Security Flaw In GitHub Enables Remote Code Execution Across Millions of Repositories

  A security vulnerability in GitHub has been identified that enables remote code execution across multiple repositories. This represents a confirmed vulnerability directly affecting GitHub's platform and its users.

  LinkedInMay 2, 2026

  high
• GitHub rushed to fix a critical vulnerability in less than six hours

  GitHub patched a critical remote code execution vulnerability within six hours of discovery by Wiz Research. The vulnerability posed a significant security risk but was remediated quickly before widespread exploitation.

  The VergeMay 2, 2026

  high
• Securing the git push pipeline: Responding to a critical remote code execution vulnerability

  GitHub identified and patched a critical remote code execution vulnerability in the git push pipeline within two hours of discovery. The company confirmed that no exploitation of the vulnerability occurred.

  The GitHub BlogMay 2, 2026

  high