PatchSiren

GitHub CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH GitHub CVE published 2026-06-22

CVE-2025-66389

CVE-2025-66389 is a vulnerability in GitHub Copilot 1.372.0 that allows filesystem access outside of a workspace folder without user approval. This occurs via a file-handler URI parameter to fetch_webpage, potentially leading to exfiltration if there is indirect prompt injection. The CVE was published on June 22, 2026. Affected users should review and update their installations to mitigate potential risks [truncated]

CRITICAL GitHub CVE published 2026-05-27

CVE-2026-9312

A critical server-side request forgery (SSRF) vulnerability in GitHub Enterprise Server allowed unauthenticated attackers to redirect internal API calls by injecting path traversal sequences into upload endpoint parameters. The flaw, rooted in insufficient input validation, enabled access to internal services and potential credential exposure. GitHub resolved this across multiple release branches; adminis [truncated]

HIGH GitHub CVE published 2026-05-27

CVE-2026-8606

A Server-Side Request Forgery (SSRF) vulnerability in GitHub Enterprise Server's security advisories package lookup feature allowed attackers to direct HTTP requests to internal services. By targeting an internal management service and analyzing response timing, attackers could infer sensitive environment variable values including signing secrets and private keys. The vulnerability required GitHub Package [truncated]

HIGH GitHub CVE published 2026-03-06

CVE-2026-29783

CVE-2026-29783 describes an arbitrary code execution issue in the shell tool used by GitHub Copilot CLI. In affected versions prior to and including 0.0.422, crafted bash parameter expansion patterns could make a command appear "read-only" to the safety layer while still embedding executable behavior. GitHub states the issue is fixed in 0.0.423.