GitHub 安全公告

**GitHub 安全公告(GHSA)** 是針對易受攻擊的開源套件與生態(如 npm、PyPI、Maven)的權威通告,通常關聯 **CVE**。 使用搜尋框尋找 GHSA 或 CVE,依生態或嚴重度篩選,或在摘要中比對片語。

顯示 8110053635 筆公告
GHSA CVE 嚴重度 類型 摘要 公開時間
GHSA-vg99-gr89-qhw9 CVE-2026-61668 high reviewed DIRAC: Pilot code downloaded over unverified HTTPS connection 2026-07-13 18:37:51 UTC
GHSA-m4m7-4cw8-62j6 CVE-2026-61667 critical reviewed DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval 2026-07-13 18:37:31 UTC
GHSA-h4pc-58cc-hc95 CVE-2026-59955 high reviewed Apollo ConfigService access key authentication bypass via raw config file appId parsing 2026-07-13 18:37:14 UTC
GHSA-2jh3-2rfc-9fhf CVE-2026-61505 medium unreviewed Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter,... 2026-07-13 18:30:55 UTC
GHSA-xxrm-3f86-v97j CVE-2026-61500 critical unreviewed Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic... 2026-07-13 18:30:54 UTC
GHSA-pv44-gxjv-57j6 CVE-2026-61503 medium unreviewed Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint... 2026-07-13 18:30:54 UTC
GHSA-fmrm-mcm3-c952 CVE-2026-61501 medium unreviewed Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without... 2026-07-13 18:30:54 UTC
GHSA-868x-cwwh-grm3 CVE-2026-61504 medium unreviewed Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing,... 2026-07-13 18:30:54 UTC
GHSA-53v3-qjv8-5264 CVE-2026-61502 medium unreviewed Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and... 2026-07-13 18:30:54 UTC
GHSA-qhpw-w7p5-4c7m CVE-2026-61463 high unreviewed Shiori contains a privilege escalation vulnerability in the account update endpoint that allows... 2026-07-13 18:30:53 UTC
GHSA-m48f-fh37-4jc6 CVE-2026-60103 medium unreviewed Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to... 2026-07-13 18:30:53 UTC
GHSA-9p63-4jq7-2c9w CVE-2026-53365 unknown unreviewed In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix zerocopy... 2026-07-13 18:30:53 UTC
GHSA-5383-j2p9-qfg3 CVE-2026-61462 critical unreviewed mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that... 2026-07-13 18:30:53 UTC
GHSA-r969-gf4c-xqf7 CVE-2026-57433 unknown unreviewed Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a... 2026-07-13 18:30:52 UTC
GHSA-pc8p-4pfj-fgm2 CVE-2026-53364 unknown unreviewed In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix... 2026-07-13 18:30:52 UTC
GHSA-whhx-pv66-xhgq CVE-2026-13221 unknown unreviewed Perl versions through 5.43.9 produce silently incorrect regular expression matches when an... 2026-07-13 18:30:51 UTC
GHSA-5g35-5jrj-f39p CVE-2026-57432 unknown unreviewed Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of... 2026-07-13 18:30:51 UTC
GHSA-vw6g-9hpf-v3cq CVE-2026-58065 unknown unreviewed The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no`... 2026-07-13 18:30:50 UTC
GHSA-fx25-85xr-cgxm CVE-2026-59245 unknown unreviewed In the Apache Airflow FAB auth manager, a DAG whose `dag_id` is `DAGs` collided with the global... 2026-07-13 18:30:50 UTC
GHSA-4w3q-qpfq-v992 CVE-2026-59954 high reviewed Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching 2026-07-13 18:26:30 UTC
cvelogic Threat Intelligence