{"source":"ghsa-go","note":"Free 5-item preview. The full feed is $0.05/call at GET /v1/ghsa-go/changes.","question":"Which new GitHub security advisories affecting Go packages were published since T, and how severe are they?","sample":[{"source":"ghsa-go","entityId":"ghsa:GHSA-864g-863m-vcvq","type":"advisory","title":"GHSA-864g-863m-vcvq / CVE-2026-44938: Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent","summary":"HIGH severity. Affected: github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet.","significance":9,"detectedAt":"2026-07-14T22:21:17.714Z","effectiveDate":"2026-07-01T20:35:37Z","sourceUrl":"https://github.com/advisories/GHSA-864g-863m-vcvq","detail":{"severity":"high","cve":"CVE-2026-44938","packages":"github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet","cvss":8.8}},{"source":"ghsa-go","entityId":"ghsa:GHSA-jmf4-m7j9-g72r","type":"advisory","title":"GHSA-jmf4-m7j9-g72r / CVE-2026-44937: Rancher Fleet has Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components","summary":"HIGH severity. Affected: github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet.","significance":8,"detectedAt":"2026-07-14T22:21:17.714Z","effectiveDate":"2026-07-01T20:44:24Z","sourceUrl":"https://github.com/advisories/GHSA-jmf4-m7j9-g72r","detail":{"severity":"high","cve":"CVE-2026-44937","packages":"github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet","cvss":7.5}},{"source":"ghsa-go","entityId":"ghsa:GHSA-mhc6-2gfq-xx62","type":"advisory","title":"GHSA-mhc6-2gfq-xx62 / CVE-2026-44939: Rancher vulnerable to command injection through unsanitized YAML parameter","summary":"CRITICAL severity. Affected: github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher.","significance":10,"detectedAt":"2026-07-14T22:21:17.714Z","effectiveDate":"2026-07-01T20:44:33Z","sourceUrl":"https://github.com/advisories/GHSA-mhc6-2gfq-xx62","detail":{"severity":"critical","cve":"CVE-2026-44939","packages":"github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher, github.com/rancher/rancher","cvss":9.6}},{"source":"ghsa-go","entityId":"ghsa:GHSA-hx4v-cxpf-vh8m","type":"advisory","title":"GHSA-hx4v-cxpf-vh8m / CVE-2026-44936: Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml","summary":"MEDIUM severity. Affected: github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet.","significance":5,"detectedAt":"2026-07-14T22:21:17.714Z","effectiveDate":"2026-07-01T20:45:05Z","sourceUrl":"https://github.com/advisories/GHSA-hx4v-cxpf-vh8m","detail":{"severity":"medium","cve":"CVE-2026-44936","packages":"github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet","cvss":5}},{"source":"ghsa-go","entityId":"ghsa:GHSA-xr65-5cpm-g36x","type":"advisory","title":"GHSA-xr65-5cpm-g36x / CVE-2026-44935: Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer","summary":"CRITICAL severity. Affected: github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet.","significance":10,"detectedAt":"2026-07-14T22:21:17.714Z","effectiveDate":"2026-07-01T20:45:39Z","sourceUrl":"https://github.com/advisories/GHSA-xr65-5cpm-g36x","detail":{"severity":"critical","cve":"CVE-2026-44935","packages":"github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet, github.com/rancher/fleet","cvss":9.9}}]}