🚨 最新安全公告
- 🟢 GHSA-pr64-jmmf-jp54 [low] (2026-07-15)
ToolHive: SSRF in remote MCP server authentication discovery (host-side, bypasses container isolation)
- ⚪ GHSA-xg43-5579-qw6v [medium] (2026-07-15)
adawolfa/isdoc: Uncontrolled resource consumption (decompression bomb) when reading untrusted ISDOCX or PDF files
- 🟠 GHSA-6f5r-5672-72j7 [high] (2026-07-15)
@andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default
- 🟠 GHSA-5xpp-75jx-m839 [high] (2026-07-15)
systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
- 🟠 GHSA-ggw3-5987-rx77 [high] (2026-07-15)
Pomerium Pre-Auth Memory Exhaustion via Unbounded zstd Decompression in HPKE Callback
- 🟠 GHSA-p5f6-rccc-jv98 [high] (2026-07-15)
dd-trace-rb: Improper parsing of W3C baggage headers may lead to DoS
- 🟠 GHSA-74j5-xf3v-crq8 [high] (2026-07-15)
dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS
- 🟠 GHSA-38wr-vpc7-2mp4 [high] (2026-07-15)
dd-trace-dotnet: Improper parsing of W3C baggage headers may lead to DoS
- 🟠 GHSA-wxqq-gcq8-c443 [high] (2026-07-15)
dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS
- 🟠 GHSA-mw54-j2v2-42hr [high] (2026-07-15)
dd-trace-py: Improper parsing of W3C baggage headers may lead to DoS
📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成