GitHub security advisory (AV26-650)
Serial number: AV26-650 Date: July 3, 2026 On June 30, 2026, GitHub published security advisories to address vulnerabilities in the following products: GitHub Enterprise Server – versions 3.21.x prior to 3.21.2 GitHub Enterprise Server – versions 3.20.x prior to 3.20.4 GitHub Enterprise Server – versions 3.19.x prior to 3.19.8 GitHub Enterprise Server – versions 3.18.x prior to 3.18.11 GitHub Enterprise Server – versions 3.17.x prior to 3.17.17 GitHub has stated that future patches and releases will be signed with a new public key, and customers will need to rotate to the new key before those patches and releases can be installed. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Enterprise Server 3.21.2 Enterprise Server 3.20.4 Enterprise Server 3.19.8 Enterprise Server 3.18.11 Enterprise Server 3.17.17
CSIRTS triage
- What
- Multiple vulnerabilities have been identified that require updates to GitHub Enterprise Server.
- Who is affected
- Deployments of affected versions of GitHub Enterprise Server are at risk.
- Urgency
- Remediation is necessary to ensure future patches can be applied securely.
- Action
- Update to the specified versions of GitHub Enterprise Server.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch GitHub Enterprise Server
Get an email when a new GitHub Enterprise Server advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/github-security-advisory-av26-650
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09