**GitHub 安全公告(GHSA)** 是針對易受攻擊的開源套件與生態(如 npm、PyPI、Maven)的權威通告,通常關聯 **CVE**。 使用搜尋框尋找 GHSA 或 CVE,依生態或嚴重度篩選,或在摘要中比對片語。
| GHSA | CVE | 嚴重度 | 類型 | 摘要 | 公開時間 |
|---|---|---|---|---|---|
| GHSA-fw4x-gm4m-gfp9 | CVE-2026-57022 | high | unreviewed | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding... | 2026-07-10 00:31:26 UTC |
| GHSA-8p3c-wvj4-2gqc | CVE-2026-57023 | high | unreviewed | An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of... | 2026-07-10 00:31:26 UTC |
| GHSA-6hx5-3rjf-rm36 | CVE-2026-57030 | high | unreviewed | A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')... | 2026-07-10 00:31:26 UTC |
| GHSA-2xj6-hwhm-5m6g | CVE-2026-57027 | high | unreviewed | A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding... | 2026-07-10 00:31:26 UTC |
| GHSA-xc4g-8c26-vcmf | CVE-2026-33803 | medium | unreviewed | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper... | 2026-07-10 00:31:25 UTC |
| GHSA-v2wp-4h2v-wxcx | CVE-2026-38076 | unknown | unreviewed | An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows... | 2026-07-10 00:31:25 UTC |
| GHSA-qcj4-cj8p-fhf4 | CVE-2026-39245 | unknown | unreviewed | decompress before 4.2.2 contains an improper path containment check that enables directory... | 2026-07-10 00:31:25 UTC |
| GHSA-m5fg-qjq5-56fv | CVE-2026-39246 | unknown | unreviewed | decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When... | 2026-07-10 00:31:25 UTC |
| GHSA-jwp9-9v96-94mx | CVE-2026-39243 | unknown | unreviewed | decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling... | 2026-07-10 00:31:25 UTC |
| GHSA-4c4g-46p8-24mq | CVE-2026-33802 | medium | unreviewed | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows... | 2026-07-10 00:31:25 UTC |
| GHSA-whwr-vg23-jrwg | CVE-2026-15276 | low | unreviewed | A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code... | 2026-07-10 00:31:24 UTC |
| GHSA-f8vj-vmgj-67x6 | CVE-2026-15271 | high | unreviewed | A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450,... | 2026-07-10 00:31:24 UTC |
| GHSA-35hq-6xqg-g3wv | CVE-2026-15274 | low | unreviewed | A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the... | 2026-07-10 00:31:24 UTC |
| GHSA-28jh-g32x-v9v4 | CVE-2026-48598 | low | reviewed | Tesla vulnerable to multipart part smuggling via unescaped `content-disposition` values | 2026-07-10 00:04:37 UTC |
| GHSA-h74c-q9j7-mpcm | CVE-2026-48597 | high | reviewed | Tesla vulnerable to atom exhaustion via untrusted URL scheme | 2026-07-10 00:03:51 UTC |
| GHSA-9m9w-gxf7-rh8m | CVE-2026-48595 | high | reviewed | Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering | 2026-07-10 00:03:31 UTC |
| GHSA-mc85-72gr-vm9f | CVE-2026-48594 | high | reviewed | Tesla has decompression bomb on response body | 2026-07-10 00:03:23 UTC |
| GHSA-q7jx-v53g-848w | CVE-2026-48596 | low | reviewed | Tesla has CRLF injection in request `Content-Type` header via `add_content_type_param` | 2026-07-10 00:03:12 UTC |
| GHSA-qcq2-496w-v96p | CVE-2026-49851 | high | reviewed | Mistune: Potential DoS via quadratic-time parsing in parse_link_text | 2026-07-09 23:52:27 UTC |
| GHSA-frrj-87jh-2772 | CVE-2026-49838 | medium | reviewed | GoBGP confederation validation panics on empty AS_PATH attribute | 2026-07-09 23:21:05 UTC |