Security Intel Hub

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Gitea Notification Information Unauthorized Access Fix (GHSA-2vgv-hqv4-22mh)
github.com · 2026-01-27

By analyzing the screenshot of this webpage, we can extract the following key information about the vulnerability: - **Vulnerability Description:** After a user’s access to a repository is revoked, th…

Skipper ExternalName SSRF Leading to Internal Service Exposure (GHSA-mxxc-p822-2hx9)
github.com · 2026-01-27

## Key Information - **Vulnerability Name:** dataclient/kubernetes ExternalName SSRF Leading to Internal Service Exposure - **Publisher:** szeucs - **Vulnerability ID:** GHSA-mxxc-p822-2hx9 - **Releas…

CVAT Privilege Escalation Fix via is_staff/is_superuser Bypass (GHSA-7pvv-w55f-qmw7)
github.com · 2026-01-27

### Critical Vulnerability Information #### 1. **Vulnerability Overview** - **Description**: A vulnerability in the website allows regular users to escalate their privileges to superuser level, thereb…

ImageMagick Vulnerability Fixes: RCE/DoS/Memory Errors (GHSA Series)
github.com · 2026-01-27

From this webpage screenshot, we can extract the following key vulnerability information: ### Key Vulnerability Information - **ImageMagick#8496**: - **Issue Description**: Check if the aspect ratio i…

React Router ScrollRestoration SSR XSS Vulnerability (GHSA-8v8x-cx79-35w7)
github.com · 2026-01-20

### Key Information - **Vulnerability Description**: - **Type**: XSS (Cross-Site Scripting) - **Affected Component**: React Router's `` API in Framework Mode, when using `getKey`/`storageKey` props. I…

pam_pkcs11 0.6.12 Authentication Bypass Vulnerability (GHSA-7mf6-rg36-ggch)
github.com · 2026-01-20

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: pam_pkcs11 0.6.12 allows authentication bypass in error situations - **Release Date**: 2025-02-09 - **Reporter**: fran…

Docmost ZipSlip Arbitrary File Write via Import Feature (GHSA-54pm-hqxm-54wg)
github.com · 2026-01-20

## Vulnerability Overview - **Vulnerability Type**: Arbitrary File Write via Zip Import Function (ZipSlip) - **Publisher**: Philipinho - **Report ID**: GHSA-54pm-hqxm-54wg - **Release Date**: 4 days a…

Avahi avahi-daemon Local DoS via D-Bus when wide-area disabled (GHSA-mhf3-865v-g5rc)
github.com · 2026-01-20

## Critical Vulnerability Information - **Vulnerability Description**: - When the wide-area feature is disabled, an unauthorized local user can cause avahi-daemon to crash by creating a record browser…

GHSA-j9xq-69pf-pcm8: DoS in SM2-PKE decrypt() via Insufficient Length Validation
github.com · 2026-01-20

### Key Information #### Vulnerability Title - Insufficient Length Validation in decrypt() in SM2-PKE #### Vulnerability ID - GHSA-j9xq-69pf-pcm8 #### Affected Versions - 0.14.0-rc.0, 0.14.0-pre.0 ###…

RustFS IAM deny_only Short-Circuit Privilege Escalation via Service Account Forgery (GHSA-xgr5-qc6w-vcg9)
github.com · 2026-01-20

## Key Information Summary ### Vulnerability Overview - **Vulnerability Name**: RustFS IAM `deny_only` Short-Circuit Allows Privilege Escalation via Service Account Forgery - **Vulnerability ID**: GHS…

Skipper <v0.23 Arbitrary File Read via Default Lua Scripting (GHSA-cc8m-98fm-rc9g)
github.com · 2026-01-20

## Key Vulnerability Information ### Vulnerability Description - **Affected Versions:** < v0.23 - **Vulnerability Type:** Security issue related to Lua scripting being disabled by default. - **Detaile…

Fickling GHSA-h4rm-mm56-xf63: Fix AST node emission for builtins imports
github.com · 2026-01-20

### Key Information Summary #### 1. **Vulnerability Description** - A vulnerability related to AST nodes being emitted for `builtins` imports has been fixed. - This fix addresses a specific GitHub Sec…

Hermes: Fix Sensitive Data Logging Vulnerability (GHSA-jm5j-jfrm-hm23)
github.com · 2026-01-20

- **Security Related Updates**: - A security patch has been implemented to prevent raw logging of values that could include arbitrary secrets. - The fix is related to vulnerability identified in the a…

GHSA-99qp-xh4q-pr9x: Persistent Session Access After User Disable or Password Change (CVE-2025-66289)
github.com · 2025-12-04

## Critical Vulnerability Information ### Vulnerability Name Persistent Session Access Caused by Missing Invalidation After User Disable and Password Change ### Vulnerability ID GHSA-99qp-xh4q-pr9x ##…

Ray Framework RCE via Disabled Default Token Authentication (GHSA-w8vc-465m-jjw6)
github.com · 2025-11-27

## Key Information ### Vulnerability Summary - **Vulnerability Name**: Ray: New Token Authentication is Disabled By Default - **CVE ID**: Currently unknown - **GHSA ID**: GHSA-w8vc-465m-jjw6 - **Sever…

GHSA-r7gx-h738-4w6f: RCE Fix in PDF Report Generation via URL Escaping
github.com · 2025-11-19

- **Vulnerability Type**: Remote Code Execution (RCE) - **Cause**: Insufficient escaping of URLs when generating PDF reports from custom URLs, leading to unexpected shell spawning. - **Fix**: Addresse…

Piwigo GHSA-9986-w7jf-33f6 Password Reset Vulnerability Fix
github.com · 2025-11-19

From this webpage screenshot, the following key vulnerability-related information can be extracted: - **Vulnerability Fix Commit**: Commit `9d25654` by LintyDev addresses two security vulnerabilities …

GHSA-2h6c-j3gf-xp9r: Fix panic in Go bitfield causing DoS
github.com · 2025-11-14

### Key Information Summary #### Vulnerability Details - **Vulnerability ID**: GHSA-2h6c-j3gf-xp9r - **Vulnerability Type**: Crashes or potential security risks due to improper input handling and erro…

Go SDK Enclave PCR Attestation Check Fix (GHSA-88h9-77c7-p6w4)
github.com · 2025-11-14

### Key Information - **Vulnerability ID**: GHSA-88h9-77c7-p6w4 - **Vulnerability Description**: - `GoVulnBot` references a potential Go vulnerability, linked to: `golang/vulndb#4112` - **Related Comm…

pms Private Message System XSS Vulnerability Fix (GHSA-4hwx-678w-9cp5)
github.com · 2025-11-10

This webpage screenshot shows a GitHub repository's code commit page, fixing an XSS vulnerability. Below are the key details of the commit: - **Commit Information**: - Fixed vulnerability: GHSA-4hwx-6…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
