GitHub Security Advisories(GHSA)は、npm・PyPI・Maven などのオープンソース向けエコシステムで影響を受けるパッケージに対する正式な注意喚起で、多くの場合 CVE とリンクされています。 検索ボックスで GHSA や CVE を探し、エコシステムや深刻度で絞り込むか、概要文にフレーズ一致させます。
| GHSA | CVE | 深刻度 | タイプ | 概要 | 公開 |
|---|---|---|---|---|---|
| GHSA-5g75-477j-2c2f | CVE-2026-54617 | critical | reviewed | LaunchServer FileServerHandler has an unauthenticated path traversal issue | 2026-07-02 20:49:18 UTC |
| GHSA-794g-x443-36f7 | CVE-2026-2092 | high | reviewed | Keycloak: Unauthorized access via improper validation of encrypted SAML assertions | 2026-07-02 20:42:23 UTC |
| GHSA-q86x-4w7f-8hrm | CVE-2026-9563 | high | unreviewed | In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did... | 2026-07-02 09:32:03 UTC |
| GHSA-p9jg-fcr6-3mhf | CVE-2026-53712 | high | reviewed | OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms | 2026-07-01 21:51:17 UTC |
| GHSA-32h4-44jj-c5vx | CVE-2026-9795 | high | reviewed | Keycloak has privilege escalation via improper scope mapping enforcement | 2026-07-01 21:20:38 UTC |
| GHSA-j6hm-v3x2-qv6j | — | low | reviewed | land.oras:oras-java-sdk: Symlink-based path traversal in ArchiveUtils.untar / unzip allows arbitrary file write outside extraction directory | 2026-07-01 20:31:34 UTC |
| GHSA-2xv8-gjwh-fv8p | CVE-2026-49989 | low | reviewed | CrateDB's Blob HTTP handler bypasses authorization | 2026-07-01 19:55:07 UTC |
| GHSA-582q-v28r-7cxr | CVE-2026-46487 | high | reviewed | GeoNetwork has ACL bypass on Elasticsearch search when request body omits query field | 2026-07-01 17:57:13 UTC |
| GHSA-2v4m-fw6c-g78f | CVE-2026-39379 | high | reviewed | GeoNetwork has reflected XSS through client-side template injection | 2026-07-01 17:56:51 UTC |
| GHSA-qqw8-7c2r-jxch | CVE-2026-48791 | low | reviewed | Sigstore Java has a vulnerability with bundle verification of integratedTime | 2026-06-30 18:10:28 UTC |
| GHSA-4v2w-2wqp-mc85 | CVE-2026-48717 | medium | reviewed | OpenAM OAuth Authorization Bypass via PKCE Challenge | 2026-06-29 17:46:06 UTC |
| GHSA-f2cx-463q-7m2c | CVE-2026-47426 | high | reviewed | OpenAM OAuth Client Impersonation via JWKS Resolver Cache | 2026-06-29 17:44:37 UTC |
| GHSA-69j4-qvqr-hpw3 | CVE-2026-47424 | high | reviewed | OpenAM Authenticated RCE via Groovy Sandbox Escape | 2026-06-29 17:43:29 UTC |
| GHSA-5vwr-qchf-q4pf | — | medium | reviewed | @cyclonedx/cdxgen: Maven project scanning may allow shell command injection through repository-controlled module paths | 2026-06-26 19:47:24 UTC |
| GHSA-gf57-4mp6-m85x | CVE-2026-46623 | high | reviewed | OpenAM Account Takeover via Unverified Password Change in OAuth2 Module | 2026-06-26 17:33:35 UTC |
| GHSA-xq73-fvmr-jvmm | CVE-2026-46619 | high | reviewed | OpenAM Authentication Bypass via MSISDN LDAP Injection | 2026-06-26 17:32:18 UTC |
| GHSA-92qf-fcph-v5wr | CVE-2026-48722 | medium | reviewed | nextflow auth login command has incorrect default permissions | 2026-06-25 21:45:55 UTC |
| GHSA-386j-6m86-78f9 | CVE-2026-46560 | high | reviewed | OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing | 2026-06-25 17:22:24 UTC |
| GHSA-cj8f-2fhf-826r | CVE-2026-46498 | high | reviewed | OpenAM Arbitrary OAuth Token Minting via Push Registration | 2026-06-25 17:07:58 UTC |
| GHSA-pp89-732f-3g8q | CVE-2026-45794 | high | reviewed | OpenAM has Unsafe Java Deserialization via SNS | 2026-06-25 16:30:03 UTC |