🚨 最新安全公告
- 🟠 GHSA-37h2-6p4f-mp3q [high] (2026-07-08)
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
- 🟠 GHSA-6h3c-r723-7fx3 [high] (2026-07-08)
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
- ⚪ GHSA-qpm9-h556-mwxm [medium] (2026-07-08)
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
- 🟢 GHSA-43fc-v873-qw85 [low] (2026-07-08)
Waku has an Open Redirect via unstable_redirect Helper
- ⚪ GHSA-75w3-gmqx-993q [medium] (2026-07-08)
Waku: Cross-Origin CSRF on RSC Server Action Dispatch
- 🔴 GHSA-xqhv-chqm-fhcc [critical] (2026-07-08)
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
- ⚪ GHSA-q95x-7g78-rccv [medium] (2026-07-08)
OneRingBuf has a Use After Free Vulnerability
- ⚪ GHSA-9qm4-rh6w-pq5x [medium] (2026-07-08)
DSpace: Path Traversal is possible through LDN message generation
- ⚪ GHSA-c827-pw3m-67w7 [medium] (2026-07-08)
DSpace: ORE resource URI does not validate scheme for non-web resources
- ⚪ GHSA-v66x-68f2-pxf5 [medium] (2026-07-08)
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path
🔥 GitHub 热门安全项目
- [tom-acco/ha-warden](https://github.com/tom-acco/ha-warden) (0⭐)
A Home Assistant custom integration for structured, tamper-evident security event logging.
📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成