GitHub Security Advisories

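GitHub Security Advisories (GHSA) are formal notices for affected packages in open-source ecosystems such as npm, PyPI, and Maven, and in many cases they are linked to a CVE. Use the search box to look up a GHSA or CVE, filter by ecosystem or severity, or phrase-match against the summary text.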

Showing 101120 / 51370 advisories
| GHSA | CVE | Severity | Type | Summary | Published |
| --- | --- | --- | --- | --- | --- |
| GHSA-hhm7-qrv5-h4r6 | CVE-2026-52739 | medium | reviewed | Zebra: Repeated Non-Finalized Shielded Transaction Aborts Zebra Before Duplicate-Nullifier Rejection | 2026-07-02 19:46:35 UTC |
| GHSA-w834-cf6p-9m9w | CVE-2026-52738 | medium | reviewed | Zebra: Finalized address balance credit-first overflow on consensus-valid blocks | 2026-07-02 19:44:54 UTC |
| GHSA-gvjc-3w7c-92jx | CVE-2026-52737 | medium | reviewed | Zebra has sync restart poisoning from single unauthenticated peer via above-lookahead block | 2026-07-02 19:44:24 UTC |
| GHSA-gf9r-m956-97qx | CVE-2026-52735 | critical | reviewed | zebrad has consensus divergence via P2SH sigop undercount in pure-Rust disabled-opcode parser | 2026-07-02 19:43:36 UTC |
| GHSA-4m69-67m6-prqp | CVE-2026-52736 | high | reviewed | Zebra has block suppression via NU5 same-header body poisoning of sent-hash cache | 2026-07-02 19:43:08 UTC |
| GHSA-h72h-ppcx-998p | | low | reviewed | Zebra has pre-handshake buffer capacity reservation based on attacker-claimed body length | 2026-07-02 19:42:05 UTC |
| GHSA-4fc2-h7jh-287c | CVE-2026-52732 | medium | reviewed | zebrad has mempool transaction admission denial via single-peer inbound queue saturation | 2026-07-02 19:39:02 UTC |
| GHSA-c8w6-x74f-vmg3 | | medium | reviewed | zebrad vulnerable to full node denial of service via crafted Sapling receiver in z_listunifiedreceivers | 2026-07-02 19:37:58 UTC |
| GHSA-f9ff-5x35-7gfw | | high | reviewed | Grackle: Fail-open authorization in the MCP tool layer lets scoped agents perform cross-task and cross-session mutations (IDOR) | 2026-07-02 19:35:03 UTC |
| GHSA-443g-gwgp-49x4 | | low | reviewed | zebrad vulnerable to getblocks/getheaders locator CPU amplification via uncapped vector length | 2026-07-02 19:34:21 UTC |
| GHSA-qv2r-v3mx-f4pf | CVE-2026-52731 | medium | reviewed | zebrad has full node denial of service via non-ASCII LongPollId in getblocktemplate | 2026-07-02 19:28:03 UTC |
| GHSA-fcmw-wx57-9p75 | CVE-2026-4776 | high | reviewed | Mautic has SQL Injection in API Contact Filtering | 2026-07-02 19:25:18 UTC |
| GHSA-q4rm-m6xh-5pv7 | | medium | reviewed | Froxlor customer can create MySQL databases on disallowed servers via Mysqls.add API | 2026-07-02 19:23:49 UTC |
| GHSA-mr9h-45p9-fg8h | | medium | reviewed | Froxlor: Authenticated customers can read other customers' allowed sender aliases | 2026-07-02 19:23:31 UTC |
| GHSA-v5ff-xmfp-p245 | CVE-2026-49255 | high | reviewed | electerm has Command Injection in File System Operations (rmrf, mv, cp) | 2026-07-02 19:22:31 UTC |
| GHSA-4q9j-6299-gxmr | CVE-2026-49254 | low | reviewed | Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauth | 2026-07-02 19:21:30 UTC |
| GHSA-38j7-23hf-9mhc | CVE-2026-49253 | high | reviewed | electerm has Path Traversal in Zmodem and Trzsz Download Filename Handling | 2026-07-02 19:20:20 UTC |
| GHSA-525m-7f82-2mf7 | CVE-2026-49250 | high | reviewed | @conform-to/dom parseSubmission vulnerable to CPU exhaustion when parsing many unique form fields | 2026-07-02 19:18:41 UTC |
| GHSA-vv65-f55v-xm6g | | high | reviewed | Grackle has command/argument injection in the git worktree executor that enables RCE on provisioned hosts via an unsanitized task branch name (shell:true) | 2026-07-02 19:16:57 UTC |
| GHSA-gg9x-qcx2-xmrh | CVE-2026-49852 | high | reviewed | joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363) | 2026-07-02 19:12:08 UTC |
cvelogic Threat Intelligence