GitHub Security Advisories

GitHub Security Advisories(GHSA)は、npm・PyPI・Maven などのオープンソース向けエコシステムで影響を受けるパッケージに対する正式な注意喚起で、多くの場合 CVE とリンクされています。 検索ボックスで GHSA や CVE を探し、エコシステムや深刻度で絞り込むか、概要文にフレーズ一致させます。

表示中 120 / 6680 アドバイザリ
«« 先頭 « 前へ 1 / 334 次へ »
GHSA CVE 深刻度 タイプ 概要 公開
GHSA-5g75-477j-2c2f CVE-2026-54617 critical reviewed LaunchServer FileServerHandler has an unauthenticated path traversal issue 2026-07-02 20:49:18 UTC
GHSA-794g-x443-36f7 CVE-2026-2092 high reviewed Keycloak: Unauthorized access via improper validation of encrypted SAML assertions 2026-07-02 20:42:23 UTC
GHSA-q86x-4w7f-8hrm CVE-2026-9563 high unreviewed In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did... 2026-07-02 09:32:03 UTC
GHSA-p9jg-fcr6-3mhf CVE-2026-53712 high reviewed OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms 2026-07-01 21:51:17 UTC
GHSA-32h4-44jj-c5vx CVE-2026-9795 high reviewed Keycloak has privilege escalation via improper scope mapping enforcement 2026-07-01 21:20:38 UTC
GHSA-j6hm-v3x2-qv6j low reviewed land.oras:oras-java-sdk: Symlink-based path traversal in ArchiveUtils.untar / unzip allows arbitrary file write outside extraction directory 2026-07-01 20:31:34 UTC
GHSA-2xv8-gjwh-fv8p CVE-2026-49989 low reviewed CrateDB's Blob HTTP handler bypasses authorization 2026-07-01 19:55:07 UTC
GHSA-582q-v28r-7cxr CVE-2026-46487 high reviewed GeoNetwork has ACL bypass on Elasticsearch search when request body omits query field 2026-07-01 17:57:13 UTC
GHSA-2v4m-fw6c-g78f CVE-2026-39379 high reviewed GeoNetwork has reflected XSS through client-side template injection 2026-07-01 17:56:51 UTC
GHSA-qqw8-7c2r-jxch CVE-2026-48791 low reviewed Sigstore Java has a vulnerability with bundle verification of integratedTime 2026-06-30 18:10:28 UTC
GHSA-4v2w-2wqp-mc85 CVE-2026-48717 medium reviewed OpenAM OAuth Authorization Bypass via PKCE Challenge 2026-06-29 17:46:06 UTC
GHSA-f2cx-463q-7m2c CVE-2026-47426 high reviewed OpenAM OAuth Client Impersonation via JWKS Resolver Cache 2026-06-29 17:44:37 UTC
GHSA-69j4-qvqr-hpw3 CVE-2026-47424 high reviewed OpenAM Authenticated RCE via Groovy Sandbox Escape 2026-06-29 17:43:29 UTC
GHSA-5vwr-qchf-q4pf medium reviewed @cyclonedx/cdxgen: Maven project scanning may allow shell command injection through repository-controlled module paths 2026-06-26 19:47:24 UTC
GHSA-gf57-4mp6-m85x CVE-2026-46623 high reviewed OpenAM Account Takeover via Unverified Password Change in OAuth2 Module 2026-06-26 17:33:35 UTC
GHSA-xq73-fvmr-jvmm CVE-2026-46619 high reviewed OpenAM Authentication Bypass via MSISDN LDAP Injection 2026-06-26 17:32:18 UTC
GHSA-92qf-fcph-v5wr CVE-2026-48722 medium reviewed nextflow auth login command has incorrect default permissions 2026-06-25 21:45:55 UTC
GHSA-386j-6m86-78f9 CVE-2026-46560 high reviewed OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing 2026-06-25 17:22:24 UTC
GHSA-cj8f-2fhf-826r CVE-2026-46498 high reviewed OpenAM Arbitrary OAuth Token Minting via Push Registration 2026-06-25 17:07:58 UTC
GHSA-pp89-732f-3g8q CVE-2026-45794 high reviewed OpenAM has Unsafe Java Deserialization via SNS 2026-06-25 16:30:03 UTC
«« 先頭 « 前へ 1 / 334 次へ »
cvelogic Threat Intelligence