GitHub security advisory (AV26-650)

Serial number: AV26-650
Date: July 3, 2026

On June 30, 2026, GitHub published security advisories to address vulnerabilities in the following products:

  • GitHub Enterprise Server – versions 3.21.x prior to 3.21.2
  • GitHub Enterprise Server – versions 3.20.x prior to 3.20.4
  • GitHub Enterprise Server – versions 3.19.x prior to 3.19.8
  • GitHub Enterprise Server – versions 3.18.x prior to 3.18.11
  • GitHub Enterprise Server – versions 3.17.x prior to 3.17.17

GitHub has stated that future patches and releases will be signed with a new public key, and customers will need to rotate to the new key before those patches and releases can be installed.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
