Security Intel Hub: search results for "GHSA"

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Parse Server GraphQL CORS Bypass Vulnerability Fix (GHSA-q3p6-g7c4-829c)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-q3p6-g7c4-829c / GHSA-q3p6-g7c4-829c (#10335) **Issue**: The GraphQL API endpoint ignores CORS origin restrictions, causing the GraphQL endpoint to…

Parse Server Unauthorized File Download via Range Header Bypass (GHSA-hpm8-9q6b-jwvw)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-hpm8-9q6b-jwvw **Vulnerability Type**: File Download Authorization Bypass **Issue**: Parse Server's file download functionality contains a security…

Parse Server Session Field Immutability Bypass via Null Values (GHSA-f6j3-w8v3-cq22)
github.com · 2026-04-02

## Vulnerability Overview **Session Field Immutability Bypass Vulnerability** - Attackers can bypass field immutability protections by setting critical fields (`expiresAt`, `createdWith`, `installatio…

Parse Server LiveQuery Protected Field Leak via Shared Mutable State (GHSA-m983-vzff-wq65)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability Name**: LiveQuery protected field leak via shared mutable state across concurrent subscribers **CVE ID**: GHSA-m983-vzff-wq65 **Commit ID**: 5834e29 **Severit…

Parse Server LiveQuery Shared Mutable State Race Condition (GHSA-m883-v2ff-wq85)
github.com · 2026-04-02

## Vulnerability Summary ### Vulnerability Overview **LiveQuery Protected Fields Leak Shared Mutable State Through Concurrent Subscribers** (GHSA-m883-v2ff-wq85) This vulnerability exists in Parse Ser…

Keycloak REST API Password Validation Bypass via Missing validate_password Call (GHSA-gmpv-7j62-j873)
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Overview** This screenshot shows a security vulnerability fix Pull Request for the Keycloak project. The vulnerability exists in that when setting or changing…

libgos/captcha-protect v1.12.2 patch for GHSA-mh52-2j44-ee93
github.com · 2026-04-02

### Vulnerability Key Information Summary **Vulnerability Overview** The GitHub repository `libgos/captcha-protect` has released version `v1.12.2`, which fixes a security vulnerability. According to t…

Chromium URL Scheme Case-Insensitive Bypass of Deny-List (GHSA-rhzx-cwvy-q7j3)
github.com · 2026-04-02

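# Chromium Deny-List Bypass via Case-Insensitive URL Scheme (Bypass of GHSA-rhzx-cwvy-q7j3) ### Vulnerability Overview In Chromium versions before 8.0, the deny-list check for the `chrome://` scheme can be bypassed by using a mixed-case or all-uppercase URL scheme (such as `Chrome://`). ### Affected Scope * **Affected versions:** …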

Sulu CMS Security Fix Advisory (GHSA-6h7h-m7p5-hjgq)
github.com · 2026-04-02

## Vulnerability Key Information ### Vulnerability Overview - **Vulnerability ID**: GHSA-6h7h-m7p5-hjgq - **Type**: Security fix - **Fixed by**: @alexander-schranz - **Acknowledgments**: @sh4dowalker …

Telnyx Python Package Supply Chain Poisoning (GHSA-953r-262c-63c5) and Malware Analysis
github.com · 2026-04-02

# Telnyx Python Package Malicious Code Vulnerability (GHSA-953r-262c-63c5) ## Vulnerability Overview - **Date**: March 27, 2025 - **Attacker**: Exploited leaked PyPI credentials to directly upload mal…

TinaCMS Symlink Bypass Leading to Path Traversal (GHSA-gB7r-2gJ3-J9Sw)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability Type**: Symlink/Path Traversal Bypass **Vulnerability IDs**: GHSA-gB7r-2gJ3-J9Sw, GHSA-gB2r-p725-3x07 **Core Issue**: The path validation in TinaCMS's media e…

ZimaOS GHSA-65mg-9gw5 Unauthorized File Creation via API Bypass
github.com · 2026-03-03

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Name**: ZimaOS v1.5.2-beta3 - Unauthorized Creation of Files/Folders in Restricted System Directories via API - **Vul…

XSS Fix Patch and GHSA-hc3c-8p55-xh4r Advisory
github.com · 2026-03-03

**Vulnerability Information in the Screenshot:** - **Commit Description**: - The commit message indicates that this change is to "Apply XSS removal when importing users." This suggests that prior code…

Path Traversal in Hex.pm Local File Store Backend (GHSA-42mv-r64p-4869)
github.com · 2026-02-27

### Vulnerability Key Information #### Basic Information - **Title**: Path Traversal in Local File Store Backend (Development and Self-Hosted Registry Setups) - **Publisher**: maennchen - **Published*…

Rucio WebUI Username Enumeration via Login Error Message (GHSA-38wq-6q2w-hcf9)
github.com · 2026-02-26

### Key Information #### Vulnerability Title - Username Enumeration via Login Error Message in Rucio WebUI #### Vulnerability ID - GHSA-38wq-6q2w-hcf9 #### Severity - Moderate (5.3/10) #### Affected V…

GHSA-243v-98vx-264h: Wasmtime WASI HTTP DoS Vulnerability
github.com · 2026-02-25

### Critical Vulnerability Information #### Vulnerability Overview - **Vulnerability ID**: GHSA-243v-98vx-264h - **CVE ID**: CVE-2026-27572 - **Severity**: Medium (CVSS v4 base score: 6.9/10) #### Imp…

GHSA-jcc6-f9v6-f7jw: Authenticated Full Read SSRF via Favicon Fetching (CVE-2026-27706)
github.com · 2026-02-26

### Key Information #### Vulnerability Details - **Title**: Full Read SSRF via Favicon Fetching in "Add Link" Feature - **ID**: GHSA-jcc6-f9v6-f7jw - **Publisher**: sriramveeraghanta - **Published**: …

Zed Editor Agent File Tools Symlink Escape Vulnerability (GHSA-786m-xzvc-5235)
github.com · 2026-02-26

### Key Vulnerability Information #### Vulnerability Title - **Symlink Escape in Agent File Tools** #### Vulnerability ID - GHSA-786m-xzvc-5235 #### Publisher and Time - swannysec, published 2 hours a…

GHSA-4q9f-mjxf-rx7x: wp-graphql Workflow Expression Injection Fix
github.com · 2026-02-26

### Critical Vulnerability Information #### Vulnerability Description - **Vulnerability ID**: GHSA-4q9f-mjxf-rx7x - **Type**: Expression Injection - **Affected Scope**: wp-graphql/v2.9.1 and earlier v…

GHSA-8c9r-pvrj-vcf5: Audiobookshelf Stored XSS Vulnerability
github.com · 2026-02-26

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Stored XSS - **ID**: GHSA-8c9r-pvrj-vcf5 - **Affected Component**: assets/WrappingMarquee.js - **Affected Versions**: `; - Cha…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
