Security Intel Hub 330 · Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Nextcloud Group Share Permission Bypass (GHSA-35gc-jc6x-29cm)
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Shares are not removed when user is lim…

Nextcloud User Password Cleartext in Memory Vulnerability (GHSA-w7v5-mgxm-v6gm)
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: User password is available in memory of…

Nextcloud Tables Information Disclosure Vulnerability (GHSA-rgvc-xr2w-qq45)
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Share information of Tables app is not …

Nextcloud SVG Preview Information Disclosure Vulnerability (GHSA-5m5g-hw8c-2236) and Patch
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Incomplete sanitization of SVG files al…

Nextcloud Mail App GHSA-pwpp-fvcr-w862 Share Download Permission Bypass
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Mail app does not respect download perm…

Ampache 7.0.0 Stored XSS Vulnerability (GHSA-4xw5-f7xm-vpw5) Leading to Account Takeover
github.com · 2024-11-17

From this webpage screenshot, the following key vulnerability information can be extracted: 1. **Vulnerability Name**: `Stored Cross-Site Scripting | Admin Account Takeover | Custom URL-Favicon` 2. **…

GHSA-cw6g-qmjq-6w2w: Arbitrary File Read via Email Template Abuse with PoC
github.com · 2024-11-17

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Read Arbitrary System Files 2. **Severity**: High (7.7/10) 3. **Publishe…

GHSA-p69m-h9rw-584v: data.all Authentication Token Not Invalidated on Logout
github.com · 2024-11-11

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: data.all does not invalidate authentica…

iTop GHSA-2hmf-p27w-phf9 Unauthenticated User Enumeration Vulnerability
github.com · 2024-11-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Users enumeration allowed through Rest API 2. **Severity**: High (7.5/10…

jj <0.23.0 Path Traversal via Crafted Git Repositories (GHSA-88h5-6w7m-5w56)
github.com · 2024-11-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Path traversal via crafted Git reposito…

SuiteCRM Module Installation Blacklist Bypass Leading to RCE (GHSA-9v56-vhp4-x227)
github.com · 2024-11-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: ModuleScanner flaws 2. **Severity**: High (7.2/10) 3. **Publisher**: jac…

GHSA-qrv6-3q86-qv89: ModuleBuilder RCE via Unvalidated Filesystem Write
github.com · 2024-11-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: RCE in ModuleBuilder 2. **Publisher**: jack7anderson7 3. **Vulnerability…

GHSA-96fx-5rqv-jfxh: Stored XSS in Zusam via SVG allows API key theft
github.com · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: `Stored XSS allowing token theft via crafted SVG` 2. **Severity**: `High…

Consensys gnark Deserialization DoS via Crafted Inputs (GHSA-cph5-3pgr-c82g)
github.com · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: Out-of-memory during deserialization with crafted in…

OpenRefine <3.8.3 Unescaped Error Page XSS (GHSA-j8hp-f2mj-586g)
github.com · 2024-10-26

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Error page lacks escaping, leading to p…

pyload GHSA-w7hq-f2pj-c53g Remote Code Execution via Flashgot API
github.com · 2024-10-28

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Remote code execution by download to /p…

Duende IdentityServer DPoP Access Token Validation Bypass (GHSA-v9xq-2mvm-x8xc)
github.com · 2024-10-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Impact**: IdentityServer's Local API authentication handler p…

Waitress HTTP Pipelining Race Condition Vulnerability (GHSA-9298-4cf8-g4wj)
github.com · 2024-10-30

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Request processing race condition in HT…

GHSA-789x-wph8-m68r: Lack of JWT issuer and signer validation in AWS ALB Route Directive Adapter for Istio
github.com · 2024-10-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: [awslabs/aws-alb-route-directive-adapte…

Livewire <3.5.2 File Upload RCE Vulnerability Analysis (GHSA-f3cx-396f-7jqp)
github.com · 2024-10-10

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Livewire Remote Code Execution on File Uploads 2. **Severity Level**: Hi…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
