GitHub 安全公告

**GitHub 安全公告(GHSA)** 是针对易受攻击的开源包与生态(如 npm、PyPI、Maven)的权威通告,通常关联 **CVE**。 使用搜索框查找 GHSA 或 CVE,按生态或严重度筛选,或在摘要中匹配短语。

显示 1206155 条公告
«« 第一页 « 上一页 第 1 / 308 页 下一页 »
GHSA CVE 严重度 类型 摘要 公开时间
GHSA-qfp7-j94c-gx97 CVE-2026-11914 unknown unreviewed vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. 2026-07-11 00:31:49 UTC
GHSA-m5f5-28qr-9g9r CVE-2026-54159 critical reviewed prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE 2026-07-10 20:36:56 UTC
GHSA-qv4m-m73m-8hj7 high reviewed NotrinosERP: Authenticated arbitrary file upload leads to remote code execution via HRM employee "Documents" (doc_file) 2026-07-10 19:34:03 UTC
GHSA-pj8j-p4g4-4vw8 CVE-2026-49865 medium reviewed Kimai has Server-Side Request Forgery in Invoice PDF Rendering via Markdown Image URLs 2026-07-10 16:04:40 UTC
GHSA-pjhx-3c3w-9v23 CVE-2026-49858 medium reviewed API Platform Core vulnerable to cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate 2026-07-10 14:32:01 UTC
GHSA-mr9r-h354-966r CVE-2026-53639 medium reviewed Sylius: IDOR on Shop Payment Request API endpoints 2026-07-09 21:03:51 UTC
GHSA-6955-hrm5-c4qp CVE-2026-53638 medium reviewed Sylius: Channel-based payment method restriction bypass on shop account orders API endpoint 2026-07-09 21:03:46 UTC
GHSA-5597-7rmh-97q5 CVE-2026-53637 medium reviewed Sylius: Cart FormComponent allows modification or deletion of an already-completed order 2026-07-09 21:03:41 UTC
GHSA-px5m-h76g-p7p8 CVE-2026-52778 critical reviewed YesWiki has Unsafe eval() in its Formula Calculato, Leading to Remote Code Execution & Denial of Service 2026-07-09 21:03:04 UTC
GHSA-9369-69wj-7m2f CVE-2026-52777 critical reviewed YesWiki Vulnerable to Authenticated PHP Object Injection in BazarImportAction via unserialize 2026-07-09 21:02:58 UTC
GHSA-4pf7-cc4r-g63h CVE-2026-52775 high reviewed YesWiki has Authenticated SQL Injection via ReactionManager 2026-07-09 21:02:40 UTC
GHSA-r5xw-gcgw-hwp5 CVE-2026-52774 medium reviewed YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes 2026-07-09 21:01:10 UTC
GHSA-35f3-pg38-486f CVE-2026-52773 medium reviewed YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php` 2026-07-09 21:00:55 UTC
GHSA-xc7j-3g8q-9vh4 CVE-2026-52772 medium reviewed YesWiki has stored XSS in Bazar form-field templates via unescaped field.label / field.hint (|raw('html')) 2026-07-09 21:00:33 UTC
GHSA-8f2v-2qhj-gfwg CVE-2026-52771 high reviewed YesWiki: Second-Order SQL Injection in Page Delete API via Unescaped Page Tag (`ApiController::deletePage`) 2026-07-09 21:00:14 UTC
GHSA-qg78-vmvc-fhjw CVE-2026-52770 high reviewed YesWiki: SQL Injection possible through public Bazar entry-listing APIs via numeric `query`/`queries` filters 2026-07-09 21:00:05 UTC
GHSA-vw42-752g-5mrp CVE-2026-52769 high reviewed YesWiki has Unauthenticated Server-Side Request Forgery via ActivityPub `Signature.keyId` 2026-07-09 20:58:33 UTC
GHSA-mv28-wj57-f57g CVE-2026-52767 high reviewed YesWiki Vulnerable to Unauthenticated ActivityPub Signature-Verification Bypass via `!openssl_verify(...)` accepting `int(-1)` 2026-07-09 20:58:12 UTC
GHSA-6x7x-gcmf-7r8x CVE-2026-52766 critical reviewed YesWiki vulnerable to unauthenticated arbitrary page deletion via `{{erasespamedcomments}}` action 2026-07-09 20:57:25 UTC
GHSA-89v6-j5x6-cmj3 CVE-2026-52763 medium reviewed YesWiki: SQL injection via the `recentchanges` action `period` argument leads to arbitrary DB read 2026-07-09 20:54:46 UTC
«« 第一页 « 上一页 第 1 / 308 页 下一页 »
cvelogic Threat Intelligence