Security Intel Hub 330— Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

PyLoad API Privilege Escalation via Unrestricted Config Modification (GHSA-4744-96p5-mp2j) Fix Analysis
github.com · 2026-04-08

### Vulnerability Summary **1. Vulnerability Overview** This commit addresses two security advisories (GHSA-4744-96p5-mp2j and GHSA-w48f-ww4f-f5fr) within the PyLoad project. The vulnerability allows …

Tandoor Recipes v2.6.4 Release Notes: GHSA Fixes for CSS Injection and Privilege Escalation
github.com · 2026-04-07

### Vulnerability Key Information Summary **Vulnerability Overview** This page contains the release notes for version **v2.6.4** of the open-source recipe management application **Tandoor Recipes**. T…

Fix SQL Injection in pug_user_getList via filter param (GHSA-53yq-c9jg-v3j2)
github.com · 2026-04-04

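### Vulnerability Key Information Summary **Vulnerability Overview** This commit fixes a **SQL injection vulnerability** in the `pug_user_getList` function. The vulnerability arises because the `filter` parameter is concatenated directly into the SQL query without sanitization, allowing an attacker to execute arbitrary SQL commands. **Affected Scope** - **File:** `includes/functions/pug_users.php` - **Function:** `pug_user_…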

Poetry installer path traversal vulnerability fix (GHSA)
github.com · 2026-04-03

This webpage screenshot is a GitHub Pull Request (PR) page titled "Commits e659537" with the description "installer: fix path traversal (GHSA-...)". This indicates a commit that addresses a path trave…

Prometheus SSRF Path Traversal Fix (GHSA-wvq-7j5c-7h27)
github.com · 2026-04-03

* **Vulnerability Overview:** This is a fix for an SSRF (Server-Side Request Forgery) path traversal vulnerability.

aiohttp GHSA-766666 Fix request header validation to align with RFC 9110
github.com · 2026-04-02

### Vulnerability Overview * **Vulnerability ID**: GHSA-766666 * **Affected Component**: `aiohttp` (Python HTTP library) * **Description**: This commit addresses a flaw in the request header value val…

Parse Server LiveQuery Protected Field Guard Bypass (GHSA-mmg8-87c5-jrc2)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview - **Vulnerability Name**: LiveQuery protected-field guard bypass via array-like logical operator value - **CVE/GHSA ID**: GHSA-mmg8-…

parse-server GHSA-f6j3-w9v3-cq22 Session Field Immutability Bypass Vulnerability
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview - **Vulnerability Name**: Session field immutability bypass via falsy-value guard - **CVE/GHSA ID**: GHSA-f6j3-w9v3-cq22 - **Vulnera…

Parse Server LiveQuery Protected-Field Guard Bypass (GHSA-mmg8-87c5-jrc2)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview - **Vulnerability Name**: LiveQuery protected-field guard bypass via array-like logical operator value - **CVE/GHSA ID**: GHSA-mmg8-…

Parse Server Cloud Function Validator Bypass via Prototype Chain Traversal (GHSA-vpj2-qq7w-5qq6)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview | Item | Content | |:---|:---| | **Vulnerability Name** | Cloud function validator bypass via prototype chain traversal | | **Vulner…

Parse Server GraphQL Query Complexity Validator DoS via Exponential Fragment Traversal (GHSA-mf3j-6cp4-m98c)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability Type**: GraphQL Query Complexity Validator Exponential Fragment Traversal Denial of Service (DoS) **CVE ID**: GHSA-mf3j-6cp4-m98c **Description**: Parse Serve…

Parse Server /verifyPassword MFA Secret Leakage Vulnerability (GHSA-wp7p-gg32-8258)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-wp7p-gg32-8258 **Issue**: The `/verifyPassword` endpoint in Parse Server contains an **authentication data leakage vulnerability**. When multi-fact…

Parse Server GraphQL Complexity Validator DoS via Fragment Fan-out (GHSA-mf9j-6p94-m8bc)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability Type**: GraphQL Complexity Validator Exponential Fragment Traversal Denial of Service (DoS) **CVE ID**: GHSA-mf9j-6p94-m8bc, GHSA-mfj8-dp5d-m8bc **Description…

Parse Server MFA One-Time Token Bypass via Race Condition (GHSA-w73w-g5sw-rw9f)
github.com · 2026-04-02

## Vulnerability Summary ### Vulnerability Overview **MFA Single-Use Token Bypass via Concurrent authData Login Requests** ([GHSA-w73w-g5sw-rw9f]) This vulnerability allows attackers to bypass the MFA…

Parse Server Prototype Pollution Bypasses Cloud Function Auth (GHSA-vpj2-4q7w-5qq8)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview **Vulnerability Name**: Cloud Function validator bypass via prototype chain traversal **CVE ID**: GHSA-vpj2-4q7w-5qq8 **Vulnerabilit…

Parse Server Cloud Functions Prototype Pollution Bypasses Auth (GHSA-vpj2-q7w7-5qgg)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview **GHSA-vpj2-q7w7-5qgg**: Cloud Function Validator Bypass Vulnerability (Prototype Chain Traversal Attack) Attackers can bypass Cloud…

Parse Server GHSA-wp7p-gg32-8258 MFA Auth Data Exposure via verifyPassword Endpoint
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-wp7p-gg32-8258 **Vulnerability Title**: Auth data exposed via verify password endpoint **Type**: Information Disclosure Vulnerability **Severity**:…

Parse Server GraphQL CORS Bypass Vulnerability (GHSA-q3p6-q7c4-82gc) Fix Analysis
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-q3p6-q7c4-82gc **Vulnerability Title**: GraphQL API endpoint ignores CORS origin restriction This vulnerability causes Parse Server's GraphQL endpo…

Parse Server GHSA-w73w-g5sw-rwhf MFA Recovery Code Reuse via Concurrent Requests
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-w73w-g5sw-rwhf **Vulnerability Type**: MFA (Multi-Factor Authentication) Single-Use Token Bypass **Vulnerability Description**: Attackers can bypas…

OpenClaw writeFile TOCTOU Race Condition Sandbox Escape (GHSA-xvx8-77m6-gw6g)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview **Vulnerability Title**: Sandbox `writeFile` commit could race outside the validated path **CVE ID**: GHSA-xvx8-77m6-gw6g **Vulnerab…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.