Security Intel Hub 330 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Datasette Open Redirect Vulnerability (GHSA-w832-qq5g-x44m)
github.com · 2025-11-09

- **Issue Title**: Datasette server redirects //example.com/ to https://example.com #2429 - **Status**: Closed - **Labels**: bug, security - **Milestone**: Datasette 1.0a21 - **Participants**: psd, ja…

CVAT API File Overwrite Vulnerability Fix (GHSA-x396-w86c-qf6w)
github.com · 2025-11-09

### Vulnerability Description Fixed a security vulnerability where users could specify a particular parameter combination `"storage": "share", "remote_files": [...]` to download files to a shared dire…

KubeVirt GHSA-ggp9-c99x-54gp Improper TLS Certificate Management Allows API Identity Spoofing
github.com · 2025-11-09

### Critical Vulnerability Information #### Vulnerability Name Improper TLS Certificate Management Handling Allows API Identity Spoofing #### Vulnerability ID GHSA-ggp9-c99x-54gp #### Vulnerability Se…

msgpack5 Prototype Pollution Fix (GHSA-gmwj-49p4-pcfm)
github.com · 2025-11-09

### Key Information Extraction #### Vulnerability Fix Details - **Vulnerability Type**: `Prototype Pollution` - `msgpack5` could allow object prototype tampering due to the `__proto__` property. - **F…

GraphQL Router Authorization Plugin Bypass via Polymorphic Types and Directive Renames
github.com · 2025-11-09

From the webpage screenshot, the following key vulnerability information can be obtained: - **Security Section**: - The release includes security fixes that impact the authorization plugin's handling …

SQL Injection in ClipBucket Custom Fields plugin (GHSA-4g7x-j562-8g69)
github.com · 2025-11-06

### Critical Vulnerability Information #### Vulnerability Title SQL Injection in ClipBucket Custom Fields plugin #### Vulnerability ID GHSA-4g7x-j562-8g69 #### Risk Level Moderate (6.5/10) #### Affect…

ZimaOS 1.5.0 Unauthenticated User Enumeration via /v1/users/name API (GHSA-9mrr-px2c-w42c)
github.com · 2025-11-06

### Vulnerability Key Information - **Vulnerability ID**: GHSA-9mrr-px2c-w42c - **CVE ID**: No known CVE - **Affected Versions**: ZimaOS 1.5.0 - **Fixed Version**: None - **Severity**: Medium (CVSS Sc…

OpenWrt ubusd Heap Buffer Overflow and ACL Bypass (GHSA-cp32-65v4-cp73)
openwrt.org · 2025-10-23

### Key Information #### Vulnerability Description - **Vulnerability Type**: Heap Buffer Overflow - **Affected Component**: ubusd event registration parsing code - **Attack Vector**: Attackers can mod…

Cherry Studio Custom Protocol Command Injection via cherrystudio:// (GHSA-hh6w-rmj2-26f6)
github.com · 2025-10-11

### Critical Vulnerability Information #### Vulnerability Title One-click on a specific URL to cause a command to execute #### Vulnerability ID GHSA-hh6w-rmj2-26f6 #### Publication Time 19 hours ago #…

XWiki REST API HQL Injection Vulnerability (GHSA-gprp-h92g-gc2h)
jira.xwiki.org · 2025-10-07

### Critical Vulnerability Information - **Vulnerability Type**: HQL Injection via wiki and space search REST API - **Status**: Closed - **Priority**: Blocker - **Affected Versions**: 4.3-milestone-1 …

Tuleap Permission Bypass Vulnerability (CVE-2025-59040) GHSA Advisory
github.com · 2025-09-20

### Critical Vulnerability Information #### Vulnerability Title Backlog item representations do not verify the permissions of the child trackers #### Vulnerability ID GHSA-67xc-39v9-pffg #### Affected…

ImageMagick BMP Overflow Vulnerability Fix (GHSA-mxvv-97wh-cfmm)
github.com · 2025-08-28

### Key Information Summary - **Vulnerability Type**: Memory overflow - **Affected File**: coders/bmp.c - **Mitigation Measures**: - Introduced `BMPOverflowCheck` function - Added overflow checks for …

GHSA-494r-43f3 XSS Vulnerability Fix Analysis
github.com · 2025-08-23

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: XSS (Cross-Site Scripting) - **Vulnerability ID**: GHSA-494r-43f3-p828 - …

HAXCMS listFiles.js Path Traversal Vulnerability Analysis (GHSA-9jr9-8ff)
github.com · 2025-07-26

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Security Advisory Link**: `https://github.com/haxtheweb/issues/security/advisories/GHSA-9jr9-8f…

GHSA-44q9-rg2q-5g99: Command Injection in Shell Installer Scripts
github.com · 2025-06-18

### Critical Vulnerability Information #### Vulnerability Name Command Injection via Unsanitized User Input (Low) #### Vulnerability ID GHSA-44q9-rg2q-5g99 #### Affected Versions =3.11.3 #### Severity…

FreeScout Insufficient Authorization Vulnerability (GHSA-f62r-8354-8pqg)
github.com · 2025-05-30

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Insufficient authorization [1] - **Product**: FreeScout - **Version**: v1.8.173 and 1.8.174 - **CVE ID**: CWE-863: Incorrect A…

GitHub CLI GHSA-jwcm-9g39-pmcw Auth Token Leak in Recursive Cloning
github.com · 2024-11-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Recursive repository cloning can leak a…

GHSA-h9q2-fcc6-r65c/CVE-2024-53855: Unauthorized Access to Other Org Tickets
github.com · 2024-11-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: User can view tickets from organization…

Prototype Pollution in Node.js convict (GHSA-4jrm-c32x-w4jf) with PoC
github.com · 2024-11-27

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Vulnerability Description**: - **Title**: Bug - Prototype Pollution on .set() #410 - **Descript…

Opencast GHSA-jh6x-7xfg-9cq2 Search Function Denial of Service Vulnerability
github.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Searching Opencast may cause a denial o…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.