PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-06-30

📅 2026年6月30日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • 🟠 GHSA-q2m9-6jp9-c6mc [high] (2026-06-29)

Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query

详情

  • GHSA-4v2w-2wqp-mc85 [medium] (2026-06-29)

OpenAM OAuth Authorization Bypass via PKCE Challenge

详情

  • 🟠 GHSA-f2cx-463q-7m2c [high] (2026-06-29)

OpenAM OAuth Client Impersonation via JWKS Resolver Cache

详情

  • 🟠 GHSA-69j4-qvqr-hpw3 [high] (2026-06-29)

OpenAM Authenticated RCE via Groovy Sandbox Escape

详情

  • 🟠 GHSA-qrv3-253h-g69c [high] (2026-06-27)

pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

详情

  • 🟠 GHSA-72r4-9c5j-mj57 [high] (2026-06-27)

pnpm: patch-remove could delete project-selected files outside the patches directory

详情

  • 🟠 GHSA-fr4h-3cph-29xv [high] (2026-06-27)

pnpm: Hoisted install imports lockfile alias outside node_modules

详情

  • GHSA-ww5p-j6cj-6mqq [medium] (2026-06-26)

Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API

详情

  • 🟠 GHSA-v23m-ccfg-pq9h [high] (2026-06-26)

pnpm: stage download writes outside its destination directory via manifest name/version traversal

详情

  • GHSA-4gxm-v5v7-fqc4 [medium] (2026-06-26)

pnpm: Reserved bin name deletes PNPM_HOME during global remove

详情

🔥 GitHub 热门安全项目

  • [XenoX352/security-samp-open.mp](https://github.com/XenoX352/security-samp-open.mp) (1⭐)

granting permission to Indonesian and Malaysian players and not granting permission to players outside the country area

  • [didrod205/shadowbuster](https://github.com/didrod205/shadowbuster) (1⭐)

That black redaction bar isn't redaction — it's a sticker. Drop a PDF, Excel, Word, PowerPoint or screenshot and recover what was hidden but never removed — 100% in your browser, nothing uploaded. Zero dependencies.

  • [JonatasAns/Security](https://github.com/JonatasAns/Security) (0⭐)

Trabalho de segurança - final

  • [adflickinger213/SecurityShield-Extension](https://github.com/adflickinger213/SecurityShield-Extension) (0⭐)

Chrome security extension with phishing detection, HTTPS enforcement, and threat warnings

  • [JuanDFrancoC/Spring-Security](https://github.com/JuanDFrancoC/Spring-Security) (0⭐)

Autorizacion y Autenticacion


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页