{"source":"ghsa","note":"Free 5-item preview. The full feed is $0.05/call at GET /v1/ghsa/changes.","question":"Which new GitHub security advisories were published since T, and how severe are they?","sample":[{"source":"ghsa","entityId":"ghsa:GHSA-cwc9-cp4j-mcvv","type":"advisory","title":"GHSA-cwc9-cp4j-mcvv / CVE-2026-49866: libp2p: CPU DoS via oversized IHAVE and IWANT control message arrays","summary":"HIGH severity. Affected: @libp2p/gossipsub.","significance":8,"detectedAt":"2026-07-14T22:21:13.937Z","effectiveDate":"2026-07-10T16:04:49Z","sourceUrl":"https://github.com/advisories/GHSA-cwc9-cp4j-mcvv","detail":{"severity":"high","cve":"CVE-2026-49866","packages":"@libp2p/gossipsub","cvss":7.5}},{"source":"ghsa","entityId":"ghsa:GHSA-jxj7-g6gm-49j7","type":"advisory","title":"GHSA-jxj7-g6gm-49j7 / CVE-2026-49977: tarteaucitron: data-cookie attribute can be used to delete arbitrary cookies","summary":"MEDIUM severity. Affected: tarteaucitronjs.","significance":4,"detectedAt":"2026-07-14T22:21:13.937Z","effectiveDate":"2026-07-10T16:05:00Z","sourceUrl":"https://github.com/advisories/GHSA-jxj7-g6gm-49j7","detail":{"severity":"medium","cve":"CVE-2026-49977","packages":"tarteaucitronjs","cvss":4.3}},{"source":"ghsa","entityId":"ghsa:GHSA-489g-7rxv-6c8q","type":"advisory","title":"GHSA-489g-7rxv-6c8q: MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826)","summary":"MEDIUM severity. Affected: mcp-atlassian.","significance":7,"detectedAt":"2026-07-14T22:21:13.937Z","effectiveDate":"2026-07-10T18:01:22Z","sourceUrl":"https://github.com/advisories/GHSA-489g-7rxv-6c8q","detail":{"severity":"medium","cve":null,"packages":"mcp-atlassian","cvss":6.5}},{"source":"ghsa","entityId":"ghsa:GHSA-p4m3-mgmm-c664","type":"advisory","title":"GHSA-p4m3-mgmm-c664 / CVE-2026-54066: SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read), Incomplete fix of CVE-2026-41894","summary":"HIGH severity. Affected: github.com/siyuan-note/siyuan/kernel.","significance":8,"detectedAt":"2026-07-14T22:21:13.937Z","effectiveDate":"2026-07-10T19:25:04Z","sourceUrl":"https://github.com/advisories/GHSA-p4m3-mgmm-c664","detail":{"severity":"high","cve":"CVE-2026-54066","packages":"github.com/siyuan-note/siyuan/kernel","cvss":7.5}},{"source":"ghsa","entityId":"ghsa:GHSA-mvjr-vv3c-w4qv","type":"advisory","title":"GHSA-mvjr-vv3c-w4qv / CVE-2026-54067: SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()","summary":"CRITICAL severity. Affected: github.com/siyuan-note/siyuan/kernel.","significance":10,"detectedAt":"2026-07-14T22:21:13.937Z","effectiveDate":"2026-07-10T19:25:09Z","sourceUrl":"https://github.com/advisories/GHSA-mvjr-vv3c-w4qv","detail":{"severity":"critical","cve":"CVE-2026-54067","packages":"github.com/siyuan-note/siyuan/kernel","cvss":9.9}}]}