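GitHub Security Advisories (GHSA) are formal advisories for affected packages in open-source ecosystems such as npm, PyPI, and Maven, and are in many cases linked to a CVE. Use the search box to look up a GHSA or CVE, filter by ecosystem or severity, or match a phrase in the summary text.

| GHSA | CVE | Severity | Type | Summary | Published |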
|---|---|---|---|---|---|
| GHSA-9wvh-mc26-36xw | CVE-2026-56081 | critical | unreviewed | Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and... | 2026-06-20 00:34:09 UTC |
| GHSA-4q75-4379-394h | CVE-2026-56082 | high | unreviewed | Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the... | 2026-06-20 00:34:09 UTC |
| GHSA-q28q-5xw5-9f2r | CVE-2026-56080 | medium | unreviewed | Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin... | 2026-06-20 00:34:08 UTC |
| GHSA-g359-4vg7-88hp | CVE-2026-56073 | critical | unreviewed | Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that... | 2026-06-20 00:34:07 UTC |
| GHSA-7hf5-4jq6-894f | CVE-2026-56079 | high | unreviewed | Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST... | 2026-06-20 00:34:07 UTC |
| GHSA-6vxv-wg6j-5qwp | — | high | reviewed | Gogs: XSS in .ipynb files renderer due to outdated notebookjs | 2026-06-19 21:42:52 UTC |
| GHSA-4vrg-r928-h5vv | CVE-2026-55866 | low | reviewed | SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected | 2026-06-19 21:42:12 UTC |
| GHSA-8w8f-r2xv-4q4j | CVE-2026-55776 | medium | reviewed | OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types | 2026-06-19 21:42:09 UTC |
| GHSA-mwr2-wmgp-crj6 | CVE-2026-55775 | low | reviewed | OpenBao's System Backend allows Unauthorized Management of the containing Namespace | 2026-06-19 21:42:06 UTC |
| GHSA-c36x-h252-g9x2 | CVE-2026-55774 | low | reviewed | OpenBao: Cross-namespace lease revocation/renewal via canonical sys/leases/{revoke,renew} — incomplete fix of CVE-2026-45808 | 2026-06-19 21:42:04 UTC |
| GHSA-6mwx-4547-5vc9 | CVE-2026-55770 | medium | reviewed | OpenBao: LDAPi ldaputil (wrong escape func) | 2026-06-19 21:42:01 UTC |
| GHSA-68w4-qxch-r794 | CVE-2026-12238 | medium | unreviewed | The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization... | 2026-06-19 21:32:47 UTC |
| GHSA-7hw8-6q6r-4276 | CVE-2026-55423 | medium | reviewed | Langflow: Logout button does not clear session | 2026-06-19 21:17:01 UTC |
| GHSA-h4gh-22qq-72r7 | CVE-2026-55206 | medium | reviewed | py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read() | 2026-06-19 21:16:33 UTC |
| GHSA-w4mc-hhc6-xp28 | CVE-2026-55187 | medium | reviewed | Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms | 2026-06-19 21:16:21 UTC |
| GHSA-m999-j542-5w3r | CVE-2026-55185 | medium | reviewed | Open Redirect Bypass in miniflux-v2 | 2026-06-19 21:16:13 UTC |
| GHSA-4mr2-fg2p-w63c | CVE-2026-54762 | medium | reviewed | Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails | 2026-06-19 21:15:56 UTC |
| GHSA-f9m7-vc86-p6jj | CVE-2026-55828 | medium | reviewed | go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination) | 2026-06-19 21:15:31 UTC |
| GHSA-fcw4-wwqm-m8cf | CVE-2026-11769 | medium | reviewed | Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName | 2026-06-19 20:51:16 UTC |
| GHSA-wfqx-gjrf-g28r | — | critical | reviewed | Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag | 2026-06-19 20:47:55 UTC |