**GitHub 安全公告(GHSA)** 是針對易受攻擊的開源套件與生態(如 npm、PyPI、Maven)的權威通告,通常關聯 **CVE**。 使用搜尋框尋找 GHSA 或 CVE,依生態或嚴重度篩選,或在摘要中比對片語。
| GHSA | CVE | 嚴重度 | 類型 | 摘要 | 公開時間 |
|---|---|---|---|---|---|
| GHSA-vg99-gr89-qhw9 | CVE-2026-61668 | high | reviewed | DIRAC: Pilot code downloaded over unverified HTTPS connection | 2026-07-13 18:37:51 UTC |
| GHSA-m4m7-4cw8-62j6 | CVE-2026-61667 | critical | reviewed | DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval | 2026-07-13 18:37:31 UTC |
| GHSA-h4pc-58cc-hc95 | CVE-2026-59955 | high | reviewed | Apollo ConfigService access key authentication bypass via raw config file appId parsing | 2026-07-13 18:37:14 UTC |
| GHSA-2jh3-2rfc-9fhf | CVE-2026-61505 | medium | unreviewed | Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter,... | 2026-07-13 18:30:55 UTC |
| GHSA-xxrm-3f86-v97j | CVE-2026-61500 | critical | unreviewed | Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic... | 2026-07-13 18:30:54 UTC |
| GHSA-pv44-gxjv-57j6 | CVE-2026-61503 | medium | unreviewed | Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint... | 2026-07-13 18:30:54 UTC |
| GHSA-fmrm-mcm3-c952 | CVE-2026-61501 | medium | unreviewed | Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without... | 2026-07-13 18:30:54 UTC |
| GHSA-868x-cwwh-grm3 | CVE-2026-61504 | medium | unreviewed | Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing,... | 2026-07-13 18:30:54 UTC |
| GHSA-53v3-qjv8-5264 | CVE-2026-61502 | medium | unreviewed | Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and... | 2026-07-13 18:30:54 UTC |
| GHSA-qhpw-w7p5-4c7m | CVE-2026-61463 | high | unreviewed | Shiori contains a privilege escalation vulnerability in the account update endpoint that allows... | 2026-07-13 18:30:53 UTC |
| GHSA-m48f-fh37-4jc6 | CVE-2026-60103 | medium | unreviewed | Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to... | 2026-07-13 18:30:53 UTC |
| GHSA-9p63-4jq7-2c9w | CVE-2026-53365 | unknown | unreviewed | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix zerocopy... | 2026-07-13 18:30:53 UTC |
| GHSA-5383-j2p9-qfg3 | CVE-2026-61462 | critical | unreviewed | mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that... | 2026-07-13 18:30:53 UTC |
| GHSA-r969-gf4c-xqf7 | CVE-2026-57433 | unknown | unreviewed | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a... | 2026-07-13 18:30:52 UTC |
| GHSA-pc8p-4pfj-fgm2 | CVE-2026-53364 | unknown | unreviewed | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix... | 2026-07-13 18:30:52 UTC |
| GHSA-whhx-pv66-xhgq | CVE-2026-13221 | unknown | unreviewed | Perl versions through 5.43.9 produce silently incorrect regular expression matches when an... | 2026-07-13 18:30:51 UTC |
| GHSA-5g35-5jrj-f39p | CVE-2026-57432 | unknown | unreviewed | Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of... | 2026-07-13 18:30:51 UTC |
| GHSA-vw6g-9hpf-v3cq | CVE-2026-58065 | unknown | unreviewed | The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no`... | 2026-07-13 18:30:50 UTC |
| GHSA-fx25-85xr-cgxm | CVE-2026-59245 | unknown | unreviewed | In the Apache Airflow FAB auth manager, a DAG whose `dag_id` is `DAGs` collided with the global... | 2026-07-13 18:30:50 UTC |
| GHSA-4w3q-qpfq-v992 | CVE-2026-59954 | high | reviewed | Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching | 2026-07-13 18:26:30 UTC |