**GitHub 安全公告(GHSA)** 是針對易受攻擊的開源套件與生態(如 npm、PyPI、Maven)的權威通告,通常關聯 **CVE**。 使用搜尋框尋找 GHSA 或 CVE,依生態或嚴重度篩選,或在摘要中比對片語。
| GHSA | CVE | 嚴重度 | 類型 | 摘要 | 公開時間 |
|---|---|---|---|---|---|
| GHSA-hvrp-rf83-w775 | CVE-2026-52870 | high | reviewed | MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks | 2026-07-16 19:56:12 UTC |
| GHSA-wpcj-rmv4-86qg | CVE-2026-52832 | medium | reviewed | Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container | 2026-07-16 19:47:17 UTC |
| GHSA-3v79-m2cg-89ww | CVE-2026-52833 | high | reviewed | Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE | 2026-07-16 19:40:53 UTC |
| GHSA-22xc-xg2r-9j7v | CVE-2026-53714 | high | reviewed | Envoy Gateway: xDS Control Plane Information Disclosure when operating in GatewayNamespaceMode | 2026-07-16 19:32:23 UTC |
| GHSA-ggxf-9f6j-w742 | — | medium | reviewed | Diesel has possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database` | 2026-07-16 19:25:25 UTC |
| GHSA-wcrf-9vrr-854f | CVE-2026-53713 | critical | reviewed | Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure | 2026-07-16 19:23:38 UTC |
| GHSA-8fv2-88gg-hm7q | CVE-2026-53715 | medium | reviewed | Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock | 2026-07-16 19:21:15 UTC |
| GHSA-h7pq-86h8-rp5x | CVE-2026-53717 | medium | reviewed | Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header | 2026-07-16 19:20:05 UTC |
| GHSA-m2v6-2jmh-4c68 | CVE-2026-53719 | medium | reviewed | Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization | 2026-07-16 19:19:17 UTC |
| GHSA-cxpq-8v7q-cg56 | CVE-2026-53716 | medium | reviewed | Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit | 2026-07-16 19:18:08 UTC |
| GHSA-fcrp-7gc2-93g7 | CVE-2026-53718 | medium | reviewed | Envoy Gateway custom backendRef cross-namespace ReferenceGrant bypass | 2026-07-16 19:14:50 UTC |
| GHSA-v95x-xhq5-4929 | CVE-2026-50166 | medium | reviewed | kumactl connects to control plane without verifying TLS certificate when no CA is configured | 2026-07-16 19:12:08 UTC |
| GHSA-xm8x-vw7j-573w | CVE-2026-57074 | unknown | unreviewed | XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The... | 2026-07-16 18:31:34 UTC |
| GHSA-whw8-2869-jf7j | CVE-2026-63087 | critical | unreviewed | Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows... | 2026-07-16 18:31:34 UTC |
| GHSA-qx3v-2jx6-8m2c | CVE-2021-27137 | high | unreviewed | An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the... | 2026-07-16 18:31:34 UTC |
| GHSA-hp9p-wj8m-c339 | CVE-2026-15945 | medium | unreviewed | A flaw was found in the group search functionality of the Keycloak server's administrative API.... | 2026-07-16 18:31:34 UTC |
| GHSA-fgwg-8qwr-qvw3 | CVE-2026-63085 | high | unreviewed | Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability... | 2026-07-16 18:31:34 UTC |
| GHSA-c6cx-mj2w-vjcr | CVE-2026-63086 | medium | unreviewed | text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF)... | 2026-07-16 18:31:34 UTC |
| GHSA-8g48-f3xj-wjwv | CVE-2026-6511 | medium | unreviewed | During an internal security assessment, a potential improper access control vulnerability was... | 2026-07-16 18:31:34 UTC |
| GHSA-6j6v-724c-h5fm | CVE-2026-9046 | high | unreviewed | A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App... | 2026-07-16 18:31:34 UTC |