
Security Intel Hub 452 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

golang.org/x/crypto CVE-2025-22869 DoS via Slow Key Exchange
github.com · 2025-11-14

### Key Information - **Vulnerability Title:** golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange - **CVE ID:** CVE-2025-22869 - **GHSA ID:** GHSA-hcg3-q754-…

CVSS 7.5
CVE-2025-61684: quickly library DoS via invalid QUIC frame assertion failure
github.com · 2026-01-20

### Vulnerability Overview - **Package**: quickly - **CVE ID**: CVE-2025-61684 - **GHSA**: GHSA-wr3c-345m-43v9 - **Severity**: High (7.5/10) ### Impact - **Affected versions**: commits up to 5d08216 -…

Multer DoS via Resource Exhaustion (CVE-2026-2359) Advisory
github.com · 2026-02-28

## Key Vulnerability Information ### Vulnerability Title **Multer vulnerable to Denial of Service via resource exhaustion** ### Vulnerability ID **GHSA-v52c-386h-88mc** **CVE-2026-2359** ### CVSS v4.0…

CVSS 8.2
jq CVE-2026-3316 Integer Overflow Leading to Heap Buffer Overflow
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Integer overflow in `jvp_string_append` and `jvp_string_copy_replace_bad` allows heap buffer overflow - **CVE ID**: CVE-2026-3316 - **GHSA…

Plug.Cowboy Unauthenticated Remote DoS via HTTP/2 Atom Table Exhaustion (CVE-2025-3288)
github.com · 2026-04-27

# Vulnerability Overview **Title**: Unauthenticated remote DoS in Plug.Cowboy via HTTP/2 `:scheme` atom-table exhaustion **Severity**: High (8.7 / 10) **CVE ID**: CVE-2025-3288 **Reporter**: Peter Ull…

OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts | Advisories | VulnCheck
www.vulncheck.com · 2026-04-29

# OpenClaw < 2026.4.4 - Concurrent Asynchronous Authentication Attempts Bypass Rate Limiting ## Vulnerability Overview OpenClaw versions prior to 2026.4.4 contain a race condition vulnerability. This …

CVSS 7.5
CVE-2025-8101: multiparty Prototype Pollution DoS via Uncaught Exception
github.com · 2026-05-22

# Vulnerability Overview **Title**: multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception **CVE ID**: CVE-2025-8101 **GHSA ID**: GHSA-qxch-whhj-8956 **Severi…

Pode: Directory Traversal is possible on Static Routes · Advisory · Badgerati/Pode · GitHub
github.com · 2026-05-22

# Pode: Directory Traversal is possible on Static Routes ## Vulnerability Overview - **Vulnerability Type**: Directory Traversal - **Severity**: High - **CVSS Score**: 8.7 / 10 - **CVE ID**: CVE-2025-…

CSRF protection broken for authenticated users in RT 6 · Advisory · bestpractical/rt · GitHub
github.com · 2026-05-23

# RT 6 CSRF Protection Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Broken CSRF Protection for Authenticated Users in RT 6 - **CVE ID**: CVE-2025-41074 - **GHSA ID**: GHSA…

mermaid CSS Injection Vulnerability Fix Guide
github.com · 2026-05-23

### Vulnerability Overview This vulnerability involves the use of strings when creating CSS styles, which could lead to CSS injection issues. While this does not immediately result in other CSS vulner…

Synapse CPU Starvation DoS Vulnerability (CVE-2026-45078) Advisory
github.com · 2026-05-29

### Synapse CPU Starvation (Denial of Service) Vulnerability Summary #### Vulnerability Overview - **Vulnerability Name**: Synapse CPU Starvation (Denial of Service) - **Vulnerability ID**: GHSA-8q93-…

FreePBX CDR Reports Authenticated SQL Injection in ORDER BY (CVE-2026-4428)
github.com · 2026-05-29

### Vulnerability Overview **Vulnerability Name**: Authenticated SQL Injection via ORDER BY in CDR Reports **Vulnerability Description**: - This vulnerability exists in the CDR Reports module of FreeP…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
