GitHub 安全公告

**GitHub 安全公告(GHSA)** 是针对易受攻击的开源包与生态(如 npm、PyPI、Maven)的权威通告,通常关联 **CVE**。 使用搜索框查找 GHSA 或 CVE,按生态或严重度筛选,或在摘要中匹配短语。

显示 12114053191 条公告
GHSA CVE 严重度 类型 摘要 公开时间
GHSA-wmg3-h8mf-wgvr CVE-2026-61459 critical unreviewed MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured... 2026-07-10 21:32:32 UTC
GHSA-q94r-r39w-76f6 CVE-2026-5801 critical unreviewed Improper neutralization of special elements used in an SQL command ('SQL injection')... 2026-07-10 21:32:32 UTC
GHSA-hw83-q5rh-7hgf CVE-2026-61461 high unreviewed Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend... 2026-07-10 21:32:32 UTC
GHSA-g6gj-wmj4-88pr CVE-2026-6212 high unreviewed Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies... 2026-07-10 21:32:32 UTC
GHSA-9qgj-r9fj-454p CVE-2026-61460 high unreviewed Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in... 2026-07-10 21:32:32 UTC
GHSA-w2cw-hx5v-f37r CVE-2025-30008 medium unreviewed HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows... 2026-07-10 21:32:30 UTC
GHSA-77jw-q7w3-q2hw CVE-2026-15146 medium unreviewed GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP... 2026-07-10 21:32:30 UTC
GHSA-5c2f-7vp3-pm3x CVE-2025-30007 high unreviewed HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows... 2026-07-10 21:32:29 UTC
GHSA-48rx-c7pg-q66r CVE-2026-54171 medium reviewed Excon does not redact additional sensitive/risky headers when following redirects 2026-07-10 20:37:29 UTC
GHSA-h4g2-xfmw-q2c9 high reviewed Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enabled is unset 2026-07-10 20:37:23 UTC
GHSA-rqq5-2gf9-4w4q CVE-2026-54163 medium reviewed Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input 2026-07-10 20:37:15 UTC
GHSA-56mp-4f3v-fgj2 CVE-2026-50551 critical reviewed SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content 2026-07-10 20:37:04 UTC
GHSA-m5f5-28qr-9g9r CVE-2026-54159 critical reviewed prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE 2026-07-10 20:36:56 UTC
GHSA-5xfx-xj4h-5p7r CVE-2026-54158 critical reviewed SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML() 2026-07-10 19:34:53 UTC
GHSA-g5r6-gv6m-f5jv high reviewed mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment 2026-07-10 19:34:37 UTC
GHSA-wm45-qh3g-v83f high reviewed mcp-atlassian: Arbitrary server-side file read via attachment upload 2026-07-10 19:34:30 UTC
GHSA-xrmc-c5cg-rv7x high reviewed SafeInstall agent guard shell parsing can miss raw package execution 2026-07-10 19:34:14 UTC
GHSA-qv4m-m73m-8hj7 high reviewed NotrinosERP: Authenticated arbitrary file upload leads to remote code execution via HRM employee "Documents" (doc_file) 2026-07-10 19:34:03 UTC
GHSA-m8gf-v64p-gfmg CVE-2026-54071 high reviewed BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py 2026-07-10 19:32:44 UTC
GHSA-m93h-4hw7-5qcm CVE-2026-54088 critical reviewed File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE) 2026-07-10 19:32:32 UTC
cvelogic Threat Intelligence