GitHub Security Advisories(GHSA)は、npm・PyPI・Maven などのオープンソース向けエコシステムで影響を受けるパッケージに対する正式な注意喚起で、多くの場合 CVE とリンクされています。 検索ボックスで GHSA や CVE を探し、エコシステムや深刻度で絞り込むか、概要文にフレーズ一致させます。
| GHSA | CVE | 深刻度 | タイプ | 概要 | 公開 |
|---|---|---|---|---|---|
| GHSA-mggp-f2j5-mm3g | CVE-2026-47896 | high | unreviewed | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... | 2026-07-03 09:31:29 UTC |
| GHSA-735g-4w2p-c7c6 | CVE-2026-9756 | medium | unreviewed | The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline... | 2026-07-03 09:31:29 UTC |
| GHSA-665g-qf3w-4vf7 | CVE-2026-35159 | medium | unreviewed | Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An... | 2026-07-03 09:31:29 UTC |
| GHSA-w64h-p64p-r649 | CVE-2026-11398 | medium | unreviewed | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is... | 2026-07-03 09:31:28 UTC |
| GHSA-vwpr-fv2p-8c56 | CVE-2026-14544 | critical | unreviewed | A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an... | 2026-07-03 09:31:28 UTC |
| GHSA-rh7m-r3xm-v5xg | CVE-2026-8804 | medium | unreviewed | Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does... | 2026-07-03 09:31:28 UTC |
| GHSA-ppgc-36hr-q23g | CVE-2026-11900 | medium | unreviewed | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct... | 2026-07-03 09:31:28 UTC |
| GHSA-mh45-hp98-pch7 | CVE-2026-9148 | high | unreviewed | The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... | 2026-07-03 09:31:28 UTC |
| GHSA-m739-f9cm-66x2 | CVE-2026-47898 | medium | unreviewed | Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene... | 2026-07-03 09:31:28 UTC |
| GHSA-j6gj-9v56-qvqx | CVE-2026-9230 | medium | unreviewed | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable... | 2026-07-03 09:31:28 UTC |
| GHSA-j638-4r9q-m7mm | CVE-2026-11778 | medium | unreviewed | The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress... | 2026-07-03 09:31:28 UTC |
| GHSA-cvjh-fmg7-m8wm | CVE-2026-8351 | medium | unreviewed | The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced... | 2026-07-03 09:31:28 UTC |
| GHSA-6j76-xrvp-5rhc | CVE-2026-47897 | high | unreviewed | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... | 2026-07-03 09:31:28 UTC |
| GHSA-xq9p-gxg6-f7q6 | CVE-2026-9547 | unknown | unreviewed | When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the ... | 2026-07-03 09:31:27 UTC |
| GHSA-vw2x-3w8j-rq82 | CVE-2026-8926 | unknown | unreviewed | When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL... | 2026-07-03 09:31:27 UTC |
| GHSA-m7xm-hf59-w6rj | CVE-2026-8932 | unknown | unreviewed | libcurl would reuse a previously created connection even when some mTLS config related option had... | 2026-07-03 09:31:27 UTC |
| GHSA-jr4f-4564-w3mr | CVE-2026-8927 | unknown | unreviewed | When reusing a libcurl handle for sequential transfers driven by environment-variable proxy... | 2026-07-03 09:31:27 UTC |
| GHSA-hf34-v47h-w6m3 | CVE-2026-9080 | unknown | unreviewed | Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a... | 2026-07-03 09:31:27 UTC |
| GHSA-f4cv-xm48-3694 | CVE-2026-9079 | unknown | unreviewed | libcurl had a flaw that when instructed to clear proxy authentication credentials which made it... | 2026-07-03 09:31:27 UTC |
| GHSA-6v72-wfcj-jv53 | CVE-2026-9545 | unknown | unreviewed | In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when... | 2026-07-03 09:31:27 UTC |