
Security Intel Hub 330— Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

yt-dlp CVE-2025-54072 --exec Command Injection Bypass
github.com · 2025-07-26

### Key Information #### Vulnerability Overview - **Vulnerability Name**: `--exec` command injection when using placeholder on Windows (Bypass of CVE-2024-22423) - **Publisher**: bashonly - **Publicat…

AWS Wrappers for Aurora PostgreSQL Privilege Escalation (CVE-2025-12967)
aws.amazon.com · 2025-11-12

- **Bulletin ID**: AWS-2025-028 - **Scope**: AWS - **Content Type**: Important (requires attention) - **Publication Date**: 2025/11/10 10:15 AM PDT - **Description** - Vulnerability identified: CVE-20…

Git LFS Arbitrary File Write via Crafted Links (CVE-2025-26625)
github.com · 2025-10-18

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Git LFS may write to arbitrary files via crafted links - **CVE ID**: CVE-2025-26625 - **GHSA ID**: GHSA-6pvw-q552-53c5 #### Af…

pdfminer fix arbitrary code execution and directory traversal in font loading
github.com · 2025-11-11

From this webpage screenshot, the following key vulnerability information can be obtained: - **Fixes Applied**: - Fixed a remote code execution vulnerability when loading pickle font files. - Resolved…

Lightdash SSRF Vulnerability (CVE-2024-6586) Leads to Session Takeover
www.cve.org · 2024-09-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: CVE-2024-6586 2. **Release Date**: 2024-08-30 3. **Update Date**: 2024-08-…

Shopware Improper Control of Code Generation in Twig Views (CVE-2026-23498)
github.com · 2026-01-20

### Vulnerability Overview **Summary**: Improper Control of Generation of Code in Twig rendered views **Publisher**: mkraeml **Published**: 5 days ago **GHSA Number**: GHSA-7cw6-7h3h-v8pf **CVE Number*…

CVE-2020-36439: ticketed_lock Data Race Vulnerability
rustsec.org · 2025-11-20

### Key Information - **ID**: RUSTSEC-2020-0119 - **CVE**: CVE-2020-36439 - **GHSA**: GHSA-77m6-x95j-75r5, GHSA-gq4h-f254-7cw9 - **Package**: ticketed_lock - **Type**: Vulnerability - **Categories**: …

Keycloak Low Privilege User Privilege Escalation via Admin API (CVE-2024-3656)
github.com · 2024-10-12

### Key Information #### Vulnerability Description - **Vulnerability Name**: Keycloak's admin API allows low privilege users to use administrative functions - **Severity**: High - **Affected Versions*…

AWS EMR Secret Agent Privilege Escalation via Keytab File (CVE-2025-8904)
github.com · 2025-09-20

### Critical Vulnerability Information - **CVE ID**: CVE-2025-8904 - **GHSA ID**: GHSA-hf6h-76fm-735v - **Severity**: Critical (9.0/10) - **CVSS v4 Base Metrics**: - Attack Vector: Network - Attack Co…

zrok CVE-2024-40302 Reflected XSS in GitHub OAuth Callback
github.com · 2026-04-18

# Vulnerability Overview **Vulnerability Name**: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering **Vulnerability Type**: Reflected Cross-Site Scripting (Reflecte…

APTRS Privilege Escalation Vulnerability Fix (CVE-2026-34406)
github.com · 2026-04-02

### Vulnerability Key Information Summary * **Vulnerability Overview**: A critical privilege escalation vulnerability exists in the APTRS project. * **Affected Scope**: The APTRS project (referenced a…

Rancher local-path-provisioner Path Traversal Vulnerability (CVE-2025-62878)
github.com · 2026-02-25

### Key Information Summary #### Vulnerability Overview - **CVE ID**: CVE-2025-62878 - **GHSA ID**: GHSA-jr3w-9vfr-c746 - **Vulnerability Type**: Path Traversal - **Severity**: Critical (CVSS v3 score…

Fiber v2 UUID Predictable on crypto/rand Failure (CVE-2025-66630)
github.com · 2026-02-10

## Vulnerability Overview - **Title**: Utils generate a predictable / zero-UUID on crypto/rand failure - **Severity**: Critical - **CVE ID**: CVE-2025-66630 - **GHSA ID**: GHSA-68rr-p4fp-j59v ## Affec…

OpenProject Stored HTML Injection and Repository Changes RCE via Git Argument Injection
github.com · 2026-02-07

### Critical Vulnerability Information #### Security Fixes - **GHSA-q523-c695-h3hp - Stored HTML Injection in Time Tracking** - OpenProject version 17.0.2 contains an HTML injection vulnerability in i…

runc CVE-2025-54867: Symlink bypass allows host rootfs access
github.com · 2025-08-15

### Critical Vulnerability Information #### Vulnerability Description - **Title**: If `/proc` and `/sys` in the root filesystem are symbolic links, they may be exploited to gain access to the host's r…

Sequoia PGP buffered-reader Out-of-Bounds Array Access DoS Vulnerability (CVE-2023-53161)
github.com · 2025-07-30

### Critical Vulnerability Information - **Vulnerability Name**: buffered-reader vulnerable to out-of-bounds array access leading to panic - **CVE ID**: CVE-2023-53161 - **GHSA ID**: GHSA-29mf-62xx-28…

Sequoia-PGP CVE-2023-53160 Out-of-bounds Read DoS Vulnerability
github.com · 2025-07-30

### Critical Vulnerability Information #### Vulnerability Overview - **Vulnerability Name**: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic - **CVE ID**: CVE-2023-53160 - **…

GeoTools XXE Vulnerability (CVE-2025-30220) in XSD Schema Handling
github.com · 2025-06-11

### Key Information #### Vulnerability Name XML External Entity (XXE) Processing Vulnerability in XSD schema handling #### Severity - **CVSS v3 Base Score**: 9.9 / 10 - **Attack Vector**: Network - **…

gorilla/csrf CSRF Bypass Vulnerability (CVE-2025-24358) Analysis
github.com · 2025-05-14

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: CVE-2025-24358 - **GHSA ID**: GHSA-rq77-p4h8-4crw - **Severity**: Medium (5.4/10) - **Affected Versions**: < 1.7.3 - **…

MathLive CVE-2025-29049 XSS Vulnerability via \htmlData
github.com · 2025-04-09

### Key Information #### Vulnerability Overview - **CVE ID**: CVE-2025-29049 - **GHSA ID**: GHSA-qwj6-q94f-8425 - **Severity**: Medium (CVSS v3: 6.3/10) - **Affected Versions**: <img/onerror=alert(1) …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
