🚨 最新安全公告
- 🟠 GHSA-qcq2-496w-v96p [high] (2026-07-09)
Mistune: Potential DoS via quadratic-time parsing in parse_link_text
- ⚪ GHSA-frrj-87jh-2772 [medium] (2026-07-09)
GoBGP confederation validation panics on empty AS_PATH attribute
- ⚪ GHSA-gjrg-jjr3-56cm [medium] (2026-07-09)
GoBGP: BGP OPEN capability parser may read capability values outside declared CapLen boundaries
- ⚪ GHSA-2rmg-vrx8-9j2f [medium] (2026-07-09)
psd-tools vulnerable to arbitrary file write via smart-object filename
- ⚪ GHSA-9vcr-p3rj-q5q6 [medium] (2026-07-09)
sigstore-go has a multi-log threshold bypass via single compromised log
- ⚪ GHSA-h672-p7h7-97v9 [medium] (2026-07-09)
Rattler vulnerable to package cache path traversal via conda package build string
- ⚪ GHSA-h5g6-xmh4-hc37 [medium] (2026-07-09)
OpenRun: Redirect URL validation bypass using //host paths leads to Open Redirect
- 🟠 GHSA-g586-ccqf-7x4r [high] (2026-07-09)
mint: Unbounded streams map growth via PUSH_PROMISE without follow-up HEADERS
- 🟠 GHSA-2p26-p43x-fhp8 [high] (2026-07-09)
mint: Unbounded CONTINUATION/HEADERS frame accumulation (CONTINUATION flood)
- ⚪ GHSA-mjqx-c6f6-7rc2 [medium] (2026-07-09)
mint: Content-Length header accepts non-RFC "+" sign prefix
🔥 GitHub 热门安全项目
- [ion1nj4oi/Security-writeups](https://github.com/ion1nj4oi/Security-writeups) (0⭐)
Security Notes
- [MohnishShende/professional-portfolio](https://github.com/MohnishShende/professional-portfolio) (0⭐)
Professional portfolio showcasing cybersecurity engineering, security research, publications, and open-source projects.
📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成