Security Intel Hub 330 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

gitroomhq/postie-app Security Fixes: GHSA-88wq-w2cw-7v44 & GHSA-w6vh-v53j-g589
github.com · 2026-04-03

### Vulnerability Key Information Summary **Vulnerability Overview** * **Project Name**: `gitroomhq/postie-app` * **Release Type**: Security Fixes * **Affected Vulnerabilities**: * `GHSA-88wq-w2cw-7v4…

Vim heap-buffer-overflow fix in ins_typebuf (GHSA-4ghr-c62x-cqfh)
github.com · 2024-08-28

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: GHSA-4ghr-c62x-cqfh 2. **Issue Description**: heap-buffer-overflow in `ins…

Rucio WebUI Security Fixes: Username Enumeration & Stored XSS (GHSA-38wq, GHSA-h79m, etc.)
github.com · 2026-02-26

### Rucio 39.3.1 Patch Release This release addresses several security-relevant issues in the (legacy) Rucio Web UI: - **GHSA-38wq-6q2w-hcf9**: Username Enumeration via Login Error Message in Rucio We…

Jetty PushSessionCacheFilter Remote DoS Vulnerability (GHSA-r7m4-f9h5-gr79)
github.com · 2024-10-16

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: PushSessionCacheFilter can cause remote DoS attacks 2. **Publisher**: jo…

SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) · Advisory · w
github.com · 2026-04-25

# SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) ## Vulnerability Overview At line 28 of the file `packages/integrations/cloudflare/src/utils…

[Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qgx5 (CVE-2025-62718) — NO_PROXY Protection Bypassed via RFC 1122 Loopb
github.com · 2026-04-25

# Vulnerability Summary: Axios NO_PROXY Protection Bypass (CVE-2025-62718) ## 1. Vulnerability Overview * **Vulnerability Name**: [Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qqx5 (CVE-2025-62718)…

:lock: https://github.com/siyuan-note/siyuan/security/advisories/GHSA… · siyuan-note/siyuan@bb481e1 · GitHub
github.com · 2026-04-25

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a path traversal issue in the `kernel/server/server.go` file. An attacker can bypass sensitive file protection mechanisms …

Pipecast LivekitFrameSerializer Pickle Deserialization RCE (GHSA-c3jg-5cp7-6wc7)
github.com · 2026-04-24

# Vulnerability Summary: Pipecast Remote Code Execution Vulnerability ## Overview * **Vulnerability Name**: Remote Code Execution (RCE) caused by Pickle deserialization via `LivekitFrameSerializer` * …

pyLoad Session Management Fix for GHSA-60hx-chf7-3332
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Type**: Improper User Session Management - **Impact**: When a user is modified/deleted or their password is changed, sessions are not properly inv…

Tekton Pipelines git resolver API token leakage vulnerability (GHSA-2d5r-9pm-2w5c)
github.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: Git resolver API mode leaks system-configured API token to user-controlled serverURL - **Vulnerability Description**: In API mode, Tekton Pipelines…

OpenProject Cross-Project Agenda Injection Vulnerability (GHSA-hh5p-gwfh-h245)
github.com · 2026-04-21

# OpenProject Cross-Project Meeting Agenda Injection Vulnerability (GHSA-hh5p-gwfh-h245) ## Vulnerability Overview OpenProject has an **Unscoped Section Lookup** vulnerability. An attacker with the `m…

GHSA-526v-vm72-4vd4: Sail XWD Parser Invalid BPP Handling Vulnerability
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Improper handling of invalid bpp (bits per pixel) - **Vulnerability ID**: GHSA-526v-vm72-4vd4 - **Affected Components**: `src/sail-codecs/…

Maddy LDAP Injection Fix GHSA-5835-4gvc-32pc
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: auth/ldap: Fix GHSA-5835-4gvc-32pc - **Vulnerability Description**: Add proper escaping when constructing LDAP search filter expressions. ### Impac…

Dataease GHSA-944x-93jf-h3rx Arbitrary File Read via JDBC Parameter Bypass and POC
github.com · 2026-04-18

# Arbitrary File Read Vulnerability ## Overview * **Vulnerability Type**: Arbitrary File Read * **Severity**: High * **Vulnerability ID**: GHSA-944x-93jf-h3rx * **Affected Component**: `io.dataease` (…

Sail Library BPP48-CIE-LAB Format Handling Vulnerability (GHSA-rcqx-gc76-r9mv)
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Support for BPP48-CIE-LAB Report in GHSA-rcqx-gc76-r9mv - **Description**: This vulnerability involves support for the BPP48-CIE-LAB forma…

Chamilo LMS Stored XSS via Malicious File Upload (GHSA-273p-jw9w-3g22)
github.com · 2026-04-18

# Vulnerability Summary: Stored XSS Vulnerability in Chamilo LMS ## Overview - **Vulnerability Name**: Stored XSS via Malicious File Upload in Social Post Attachments Leading to Arbitrary JavaScript E…

LibreNMS Remote Code Execution via Binary Path Manipulation (GHSA-pr3g-phhr-h8fh)
github.com · 2026-04-18

# LibreNMS Remote Code Execution Vulnerability (GHSA-pr3g-phhr-h8fh) ## Vulnerability Overview LibreNMS contains a remote code execution vulnerability. An attacker can modify the **binary path setting…

ImageMagick GHSA-26qp-ffjh-2x4v Memory Allocation Error DoS Vulnerability and Fix Analysis
github.com · 2026-04-18

# ImageMagick Security Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: GHSA-26qp-ffjh-2x4v - **Vulnerability Type**: Memory Allocation Error - **Trigger Condition**: When proce…

LobeHub Auth Bypass via XOR-obfuscated Header (GHSA-5m9j-5jsw-5c97) and Fix
github.com · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** This is an Authentication Bypass vulnerability. An attacker can bypass authentication by forging the `X-lobes-chat-auth` request he…

GHSA-mmpq-5hcv-hf2v: Parse Server Login Timing Side-Channel User Enumeration
github.com · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name:** Login timing side-channel reveals user existence * **Security Advisory ID:** GHSA-mmpq-5hcv-hf2v * **V…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
