GitHub Security Advisories(GHSA)は、npm・PyPI・Maven などのオープンソース向けエコシステムで影響を受けるパッケージに対する正式な注意喚起で、多くの場合 CVE とリンクされています。 検索ボックスで GHSA や CVE を探し、エコシステムや深刻度で絞り込むか、概要文にフレーズ一致させます。
| GHSA | CVE | 深刻度 | タイプ | 概要 | 公開 |
|---|---|---|---|---|---|
| GHSA-wr4j-hg4g-74fm | CVE-2026-15377 | low | unreviewed | A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this... | 2026-07-10 18:32:19 UTC |
| GHSA-v6x3-78p8-29hj | CVE-2025-70796 | high | unreviewed | An unauthenticated path traversal vulnerability exists in the web management interface of WTI ... | 2026-07-10 18:32:19 UTC |
| GHSA-q58p-r45f-cjqp | CVE-2026-3251 | medium | unreviewed | Improper neutralization of input during web page generation ('cross-site scripting')... | 2026-07-10 18:32:19 UTC |
| GHSA-j7jj-549c-j492 | CVE-2026-8609 | medium | unreviewed | An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values,... | 2026-07-10 18:32:19 UTC |
| GHSA-hhhx-wxgr-pj4r | CVE-2026-8595 | medium | unreviewed | A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a... | 2026-07-10 18:32:19 UTC |
| GHSA-g6v8-8hw9-mxr9 | CVE-2026-51119 | critical | unreviewed | An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the ... | 2026-07-10 18:32:19 UTC |
| GHSA-g4hc-6r3w-3xjp | CVE-2026-15373 | low | unreviewed | A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an... | 2026-07-10 18:32:19 UTC |
| GHSA-c5gr-gm67-478c | CVE-2026-15375 | low | unreviewed | A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown... | 2026-07-10 18:32:19 UTC |
| GHSA-8jm8-xjp3-35hq | CVE-2026-2398 | high | unreviewed | Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd.... | 2026-07-10 18:32:19 UTC |
| GHSA-7c75-35mf-f3w9 | CVE-2026-15374 | low | unreviewed | A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function... | 2026-07-10 18:32:19 UTC |
| GHSA-62g6-4j9c-6v7p | CVE-2026-39903 | high | unreviewed | Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization... | 2026-07-10 18:32:19 UTC |
| GHSA-34cr-c6hf-4xgc | CVE-2026-15143 | critical | unreviewed | A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability... | 2026-07-10 18:32:19 UTC |
| GHSA-489g-7rxv-6c8q | — | medium | reviewed | MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826) | 2026-07-10 18:01:22 UTC |
| GHSA-jxj7-g6gm-49j7 | CVE-2026-49977 | medium | reviewed | tarteaucitron: data-cookie attribute can be used to delete arbitrary cookies | 2026-07-10 16:05:00 UTC |
| GHSA-cwc9-cp4j-mcvv | CVE-2026-49866 | high | reviewed | libp2p: CPU DoS via oversized IHAVE and IWANT control message arrays | 2026-07-10 16:04:49 UTC |
| GHSA-pj8j-p4g4-4vw8 | CVE-2026-49865 | medium | reviewed | Kimai has Server-Side Request Forgery in Invoice PDF Rendering via Markdown Image URLs | 2026-07-10 16:04:40 UTC |
| GHSA-xg8j-6m35-m6wr | CVE-2026-61450 | high | unreviewed | Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user,... | 2026-07-10 15:31:42 UTC |
| GHSA-wrw8-384c-cg76 | CVE-2026-61434 | high | unreviewed | PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command... | 2026-07-10 15:31:42 UTC |
| GHSA-vwv5-32vr-3jcp | CVE-2026-61444 | critical | unreviewed | PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where... | 2026-07-10 15:31:42 UTC |
| GHSA-jxpj-m582-7727 | CVE-2026-61455 | high | unreviewed | Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that... | 2026-07-10 15:31:42 UTC |