GitHub has issued urgent security updates for its Enterprise Server product after discovering multiple high-severity vulnerabilities, including a critical flaw (CVE-2025-3509) that allows attackers to execute arbitrary code and compromise systems.

The vulnerabilities, which also expose sensitive repository data and enable cross-site scripting (XSS) attacks, affect versions 3.13.0 through 3.16.1 of GitHub Enterprise Server. Patches are now available in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.