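GitHub Security Advisories (GHSA) are formal notices about affected packages in open source ecosystems such as npm, PyPI, and Maven, and in many cases they are linked to a CVE. Use the search box to look up a GHSA or CVE, then filter by ecosystem or severity, or phrase-match against the summary text.

| GHSA | CVE | Severity | Type | Summary | Published |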
|---|---|---|---|---|---|
| GHSA-hhm7-qrv5-h4r6 | CVE-2026-52739 | medium | reviewed | Zebra: Repeated Non-Finalized Shielded Transaction Aborts Zebra Before Duplicate-Nullifier Rejection | 2026-07-02 19:46:35 UTC |
| GHSA-w834-cf6p-9m9w | CVE-2026-52738 | medium | reviewed | Zebra: Finalized address balance credit-first overflow on consensus-valid blocks | 2026-07-02 19:44:54 UTC |
| GHSA-gvjc-3w7c-92jx | CVE-2026-52737 | medium | reviewed | Zebra has sync restart poisoning from single unauthenticated peer via above-lookahead block | 2026-07-02 19:44:24 UTC |
| GHSA-gf9r-m956-97qx | CVE-2026-52735 | critical | reviewed | zebrad has consensus divergence via P2SH sigop undercount in pure-Rust disabled-opcode parser | 2026-07-02 19:43:36 UTC |
| GHSA-4m69-67m6-prqp | CVE-2026-52736 | high | reviewed | Zebra has block suppression via NU5 same-header body poisoning of sent-hash cache | 2026-07-02 19:43:08 UTC |
| GHSA-h72h-ppcx-998p | — | low | reviewed | Zebra has pre-handshake buffer capacity reservation based on attacker-claimed body length | 2026-07-02 19:42:05 UTC |
| GHSA-4fc2-h7jh-287c | CVE-2026-52732 | medium | reviewed | zebrad has mempool transaction admission denial via single-peer inbound queue saturation | 2026-07-02 19:39:02 UTC |
| GHSA-c8w6-x74f-vmg3 | — | medium | reviewed | zebrad vulnerable to full node denial of service via crafted Sapling receiver in z_listunifiedreceivers | 2026-07-02 19:37:58 UTC |
| GHSA-f9ff-5x35-7gfw | — | high | reviewed | Grackle: Fail-open authorization in the MCP tool layer lets scoped agents perform cross-task and cross-session mutations (IDOR) | 2026-07-02 19:35:03 UTC |
| GHSA-443g-gwgp-49x4 | — | low | reviewed | zebrad vulnerable to getblocks/getheaders locator CPU amplification via uncapped vector length | 2026-07-02 19:34:21 UTC |
| GHSA-qv2r-v3mx-f4pf | CVE-2026-52731 | medium | reviewed | zebrad has full node denial of service via non-ASCII LongPollId in getblocktemplate | 2026-07-02 19:28:03 UTC |
| GHSA-fcmw-wx57-9p75 | CVE-2026-4776 | high | reviewed | Mautic has SQL Injection in API Contact Filtering | 2026-07-02 19:25:18 UTC |
| GHSA-q4rm-m6xh-5pv7 | — | medium | reviewed | Froxlor customer can create MySQL databases on disallowed servers via Mysqls.add API | 2026-07-02 19:23:49 UTC |
| GHSA-mr9h-45p9-fg8h | — | medium | reviewed | Froxlor: Authenticated customers can read other customers' allowed sender aliases | 2026-07-02 19:23:31 UTC |
| GHSA-v5ff-xmfp-p245 | CVE-2026-49255 | high | reviewed | electerm has Command Injection in File System Operations (rmrf, mv, cp) | 2026-07-02 19:22:31 UTC |
| GHSA-4q9j-6299-gxmr | CVE-2026-49254 | low | reviewed | Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauth | 2026-07-02 19:21:30 UTC |
| GHSA-38j7-23hf-9mhc | CVE-2026-49253 | high | reviewed | electerm has Path Traversal in Zmodem and Trzsz Download Filename Handling | 2026-07-02 19:20:20 UTC |
| GHSA-525m-7f82-2mf7 | CVE-2026-49250 | high | reviewed | @conform-to/dom parseSubmission vulnerable to CPU exhaustion when parsing many unique form fields | 2026-07-02 19:18:41 UTC |
| GHSA-vv65-f55v-xm6g | — | high | reviewed | Grackle has command/argument injection in the git worktree executor that enables RCE on provisioned hosts via an unsanitized task branch name (shell:true) | 2026-07-02 19:16:57 UTC |
| GHSA-gg9x-qcx2-xmrh | CVE-2026-49852 | high | reviewed | joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363) | 2026-07-02 19:12:08 UTC |