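GitHub Security Advisories (GHSA) are formal advisories for affected packages in open-source ecosystems such as npm, PyPI, and Maven, and are often linked to a CVE. Use the search box to look up a GHSA or CVE, filter by ecosystem or severity, or phrase-match against the summary text.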
| GHSA | CVE | Severity | Type | Summary | Published |
|---|---|---|---|---|---|
| GHSA-hhpq-7wg4-36jm | CVE-2026-55590 | medium | reviewed | CakePHP Authentication: Open redirect weakness via backslash bypass | 2026-06-17 18:52:09 UTC |
| GHSA-m9cv-24rx-8mv7 | CVE-2026-55409 | high | reviewed | Filament: Disabled RichEditor field state can be used for XSS | 2026-06-17 18:41:12 UTC |
| GHSA-crmm-hgp2-wgrp | — | medium | reviewed | Laravel Framework: Temporary Signed URL Path Confusion | 2026-06-17 13:54:13 UTC |
| GHSA-5vg9-5847-vvmq | — | high | reviewed | Laravel Framework: CRLF injection in default email rule | 2026-06-17 13:53:44 UTC |
| GHSA-m557-wrgg-6rp4 | — | medium | reviewed | phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access | 2026-06-16 15:03:58 UTC |
| GHSA-h5x3-xfc9-m39h | CVE-2026-48784 | medium | reviewed | Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization | 2026-06-15 17:33:46 UTC |
| GHSA-v3wm-qf9p-c549 | CVE-2026-48760 | medium | reviewed | Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense | 2026-06-15 17:32:59 UTC |
| GHSA-rrj9-5q2j-4gvr | CVE-2026-48747 | medium | reviewed | Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade | 2026-06-15 17:32:28 UTC |
| GHSA-38cx-cq6f-5755 | CVE-2026-48736 | medium | reviewed | Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient | 2026-06-15 17:31:28 UTC |
| GHSA-6h46-9jf5-q59x | CVE-2026-48489 | high | reviewed | Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes | 2026-06-15 17:28:20 UTC |
| GHSA-x5qj-865h-mgvm | CVE-2026-48761 | medium | reviewed | Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes | 2026-06-15 16:46:53 UTC |
| GHSA-pjpj-v387-x4vq | CVE-2026-11607 | high | reviewed | TYPO3 CMS has Broken Access Control in its Form Framework | 2026-06-12 20:08:11 UTC |
| GHSA-f34x-rx2w-7pm3 | CVE-2026-47349 | medium | reviewed | TYPO3 CMS has Broken Access Control in the Recycler Module | 2026-06-12 20:08:04 UTC |
| GHSA-3p42-w5ch-gg42 | CVE-2026-47347 | medium | reviewed | TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities | 2026-06-12 20:07:58 UTC |
| GHSA-3v8v-4wg6-r7qh | CVE-2026-47343 | high | reviewed | TYPO3 CMS: Destructive Actions on File Mount Folders | 2026-06-12 20:07:52 UTC |
| GHSA-p5j5-4j3q-8mq8 | CVE-2026-47345 | medium | reviewed | TYPO3 HTML Sanitizer allows Cross-site Scripting | 2026-06-12 20:07:46 UTC |
| GHSA-jh32-v29g-68pq | CVE-2026-49741 | high | reviewed | TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework | 2026-06-12 19:32:22 UTC |
| GHSA-qcmw-6rm2-5x78 | CVE-2026-47350 | medium | reviewed | TYPO3 CMS has Broken Access Control in its DataHandler | 2026-06-12 19:32:15 UTC |
| GHSA-hwvq-2w67-rvxp | CVE-2026-47346 | high | reviewed | TYPO3 CMS has Broken Access Control in its Form Framework | 2026-06-12 19:32:09 UTC |
| GHSA-chm7-4vch-h8vr | CVE-2026-49742 | high | reviewed | TYPO3 CMS has Broken Access Control in its Media Module | 2026-06-12 19:09:30 UTC |