GitHub 安全公告

**GitHub 安全公告(GHSA)** 是針對易受攻擊的開源套件與生態(如 npm、PyPI、Maven)的權威通告,通常關聯 **CVE**。 使用搜尋框尋找 GHSA 或 CVE,依生態或嚴重度篩選,或在摘要中比對片語。

顯示 14116055170 筆公告
GHSA CVE 嚴重度 類型 摘要 公開時間
GHSA-hvrp-rf83-w775 CVE-2026-52870 high reviewed MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks 2026-07-16 19:56:12 UTC
GHSA-wpcj-rmv4-86qg CVE-2026-52832 medium reviewed Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container 2026-07-16 19:47:17 UTC
GHSA-3v79-m2cg-89ww CVE-2026-52833 high reviewed Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE 2026-07-16 19:40:53 UTC
GHSA-22xc-xg2r-9j7v CVE-2026-53714 high reviewed Envoy Gateway: xDS Control Plane Information Disclosure when operating in GatewayNamespaceMode 2026-07-16 19:32:23 UTC
GHSA-ggxf-9f6j-w742 medium reviewed Diesel has possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database` 2026-07-16 19:25:25 UTC
GHSA-wcrf-9vrr-854f CVE-2026-53713 critical reviewed Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure 2026-07-16 19:23:38 UTC
GHSA-8fv2-88gg-hm7q CVE-2026-53715 medium reviewed Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock 2026-07-16 19:21:15 UTC
GHSA-h7pq-86h8-rp5x CVE-2026-53717 medium reviewed Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header 2026-07-16 19:20:05 UTC
GHSA-m2v6-2jmh-4c68 CVE-2026-53719 medium reviewed Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization 2026-07-16 19:19:17 UTC
GHSA-cxpq-8v7q-cg56 CVE-2026-53716 medium reviewed Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit 2026-07-16 19:18:08 UTC
GHSA-fcrp-7gc2-93g7 CVE-2026-53718 medium reviewed Envoy Gateway custom backendRef cross-namespace ReferenceGrant bypass 2026-07-16 19:14:50 UTC
GHSA-v95x-xhq5-4929 CVE-2026-50166 medium reviewed kumactl connects to control plane without verifying TLS certificate when no CA is configured 2026-07-16 19:12:08 UTC
GHSA-xm8x-vw7j-573w CVE-2026-57074 unknown unreviewed XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The... 2026-07-16 18:31:34 UTC
GHSA-whw8-2869-jf7j CVE-2026-63087 critical unreviewed Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows... 2026-07-16 18:31:34 UTC
GHSA-qx3v-2jx6-8m2c CVE-2021-27137 high unreviewed An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the... 2026-07-16 18:31:34 UTC
GHSA-hp9p-wj8m-c339 CVE-2026-15945 medium unreviewed A flaw was found in the group search functionality of the Keycloak server's administrative API.... 2026-07-16 18:31:34 UTC
GHSA-fgwg-8qwr-qvw3 CVE-2026-63085 high unreviewed Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability... 2026-07-16 18:31:34 UTC
GHSA-c6cx-mj2w-vjcr CVE-2026-63086 medium unreviewed text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF)... 2026-07-16 18:31:34 UTC
GHSA-8g48-f3xj-wjwv CVE-2026-6511 medium unreviewed During an internal security assessment, a potential improper access control vulnerability was... 2026-07-16 18:31:34 UTC
GHSA-6j6v-724c-h5fm CVE-2026-9046 high unreviewed A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App... 2026-07-16 18:31:34 UTC
cvelogic Threat Intelligence