🚨 最新安全公告
- 🔴 GHSA-g936-7jqj-mwv8 [critical] (2026-07-10)
TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation
- 🟠 GHSA-fpg8-7664-jc5q [high] (2026-07-10)
melange: Incomplete package integrity verification allows data section substitution
- ⚪ GHSA-48rx-c7pg-q66r [medium] (2026-07-10)
Excon does not redact additional sensitive/risky headers when following redirects
- 🟠 GHSA-h4g2-xfmw-q2c9 [high] (2026-07-10)
Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enabled is unset
- ⚪ GHSA-rqq5-2gf9-4w4q [medium] (2026-07-10)
Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input
- 🔴 GHSA-56mp-4f3v-fgj2 [critical] (2026-07-10)
SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content
- 🔴 GHSA-m5f5-28qr-9g9r [critical] (2026-07-10)
prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE
- 🔴 GHSA-5xfx-xj4h-5p7r [critical] (2026-07-10)
SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()
- 🟠 GHSA-g5r6-gv6m-f5jv [high] (2026-07-10)
mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment
- 🟠 GHSA-wm45-qh3g-v83f [high] (2026-07-10)
mcp-atlassian: Arbitrary server-side file read via attachment upload
📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成