
Security Intel Hub 461 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.2
Fix SQL Injection in pug_user_getList via filter param (GHSA-53yq-c9jg-v3j2)
github.com · 2026-04-04

### Vulnerability Key Information Summary **Vulnerability Overview** This commit fixes a **SQL injection vulnerability** in the `pug_user_getList` function. The vulnerability stems from the `filter` parameter being concatenated directly into the SQL query without any sanitization, which lets an attacker execute arbitrary SQL commands. **Impact Scope** - **File:** `includes/functions/pug_users.php` - **Function:** `pug_user_…

CVSS 8.1
Tandoor Recipes v2.6.4 Release Notes: GHSA Fixes for CSS Injection and Privilege Escalation
github.com · 2026-04-07

### Vulnerability Key Information Summary **Vulnerability Overview** This page contains the release notes for version **v2.6.4** of the open-source recipe management application **Tandoor Recipes**. T…

GHSA-mmpq-5hcv-hf2v: Parse Server Login Timing Side-Channel User Enumeration
github.com · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name:** Login timing side-channel reveals user existence * **Security Advisory ID:** GHSA-mmpq-5hcv-hf2v * **V…

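The login timing side-channel described in the Parse Server entry is a general pattern: a login handler that returns before hashing when the account does not exist answers faster than one that hashes and rejects a bad password. The example below is added here to show both shapes side by side; it is not Parse Server's code, and its user store, PBKDF2 parameters and dummy credential are constructed for the demonstration. The hardened version always performs exactly one verification, against a fixed dummy record when the user is unknown, and never accepts that dummy comparison as a successful login.

```python
import hashlib
import hmac
import os
import time

# Constructed hashing parameters for this example (not Parse Server's).
ITERATIONS = 50_000


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed user store: username -> (salt, hash). One known user only.
_alice_salt = os.urandom(16)
USERS = {"alice": (_alice_salt, _pbkdf2("correct horse", _alice_salt))}

# Fixed dummy credential, hashed once at startup, so the unknown-user path
# can run a real verification that costs the same as a known user's.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _pbkdf2("dummy-password-never-accepted", _DUMMY_SALT)

# Counts PBKDF2 verifications so the work skipped on each path is visible.
HASH_CALLS = {"count": 0}


def _verify(password: str, salt: bytes, expected: bytes) -> bool:
    HASH_CALLS["count"] += 1
    return hmac.compare_digest(_pbkdf2(password, salt), expected)


def login_leaky(username: str, password: str) -> bool:
    """Vulnerable shape: returns before any hashing when the user does not
    exist, so "no such user" answers far faster than "wrong password"."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    return _verify(password, salt, expected)


def login_constant_work(username: str, password: str) -> bool:
    """Hardened shape: every call performs exactly one PBKDF2 verification.
    Unknown users are checked against the dummy record and always rejected,
    whatever that comparison returns."""
    record = USERS.get(username)
    if record is None:
        _verify(password, _DUMMY_SALT, _DUMMY_HASH)
        return False
    salt, expected = record
    return _verify(password, salt, expected)


def hash_calls_for(login, username: str) -> int:
    """Number of PBKDF2 verifications one failed login attempt triggers."""
    HASH_CALLS["count"] = 0
    login(username, "not the password")
    return HASH_CALLS["count"]


def median_seconds(login, username: str, rounds: int = 20) -> float:
    """Wall-clock median of a failed login; indicative only, on a quiet machine."""
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter()
        login(username, "not the password")
        samples.append(time.perf_counter() - t0)
    samples.sort()
    return samples[len(samples) // 2]


if __name__ == "__main__":
    for fn in (login_leaky, login_constant_work):
        print(fn.__name__,
              "known user: %.4fs" % median_seconds(fn, "alice"),
              "unknown user: %.4fs" % median_seconds(fn, "nobody"))
```

Run it stand-alone and the leaky variant shows a near-zero time for `nobody` against tens of milliseconds for `alice`, which is exactly the signal a remote attacker measures; the hardened variant shows the same cost on both paths. Hashing a dummy value is the cheap fix; the dummy record must be created once and reused, because generating a fresh salt per request would itself add a timing difference.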
Premium intel
CVSS 8.8
PyLoad API Privilege Escalation via Unrestricted Config Modification (GHSA-4744-96p5-mp2j) Fix Analysis
github.com · 2026-04-08

### Vulnerability Summary **1. Vulnerability Overview** This commit addresses two security advisories (GHSA-4744-96p5-mp2j and GHSA-w48f-ww4f-f5fr) within the PyLoad project. The vulnerability allows …

CVSS 5.0
LobeHub Auth Bypass via XOR-obfuscated Header (GHSA-5m9j-5jsw-5c97) and Fix
github.com · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** This is an Authentication Bypass vulnerability. An attacker can bypass authentication by forging the `X-lobes-chat-auth` request he…

LibreNMS Remote Code Execution via Binary Path Manipulation (GHSA-pr3g-phhr-h8fh)
github.com · 2026-04-18

# LibreNMS Remote Code Execution Vulnerability (GHSA-pr3g-phhr-h8fh) ## Vulnerability Overview LibreNMS contains a remote code execution vulnerability. An attacker can modify the **binary path setting…

CVSS 5.1
ImageMagick GHSA-26qp-ffjh-2x4v Memory Allocation Error DoS Vulnerability and Fix Analysis
github.com · 2026-04-18

# ImageMagick Security Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: GHSA-26qp-ffjh-2x4v - **Vulnerability Type**: Memory Allocation Error - **Trigger Condition**: When proce…

Premium intel
CVSS 9.8
GHSA-526v-vm72-4vd4: Sail XWD Parser Invalid BPP Handling Vulnerability
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Improper handling of invalid bpp (bits per pixel) - **Vulnerability ID**: GHSA-526v-vm72-4vd4 - **Affected Components**: `src/sail-codecs/…

CVSS 8.2
Maddy LDAP Injection Fix GHSA-5835-4gvc-32pc
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: auth/ldap: Fix GHSA-5835-4gvc-32pc - **Vulnerability Description**: Add proper escaping when constructing LDAP search filter expressions. ### Impac…

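The Maddy entry's fix is "proper escaping when constructing LDAP search filter expressions". The example below is added here to show what that escaping is and what it prevents; it is not Maddy's code (Maddy is written in Go) and the filter template, the injection string and the DN helper are constructed for the demonstration. Filter assertion values follow RFC 4515 section 3 (`*`, `(`, `)`, `\` and NUL become `\XX` hex pairs); a DN component, the other place untrusted strings end up in LDAP queries, follows the different RFC 4514 rules, so both are shown.

```python
# RFC 4515 section 3: characters that must appear as \XX inside a filter
# assertion value. Backslash is in the table so escapes cannot be forged.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Constructed injection string: closes the uid assertion, adds a wildcard
# match, closes the AND, and opens an OR that matches every entry.
INJECTION = "*)(uid=*))(|(uid=*"


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied assertion value for use inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for a DN component (RFC 4514 section 2.4):
    special characters get a backslash, NUL becomes \\00, and a leading '#'
    or leading/trailing space is protected as well."""
    out = []
    for ch in value:
        if ch in '\\,+"<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    s = "".join(out)
    if s[:1] in ("#", " "):
        s = "\\" + s
    if s.endswith(" ") and not s.endswith("\\ "):
        s = s[:-1] + "\\ "
    return s


def user_filter_unsafe(username: str) -> str:
    """Vulnerable shape: the raw username is interpolated into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def user_filter_safe(username: str) -> str:
    """Fixed shape: the value is escaped, so parentheses and wildcards in the
    username are matched literally instead of changing the filter structure."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def user_dn_safe(username: str, base_dn: str = "ou=people,dc=example,dc=org") -> str:
    """Build a DN from an untrusted RDN value using the RFC 4514 escaping."""
    return f"uid={escape_dn_value(username)},{base_dn}"


if __name__ == "__main__":
    print("unsafe:", user_filter_unsafe(INJECTION))
    print("safe:  ", user_filter_safe(INJECTION))
    print("dn:    ", user_dn_safe("Smith, John"))
```

With the injection string, the unsafe builder yields `(&(objectClass=person)(uid=*)(uid=*))(|(uid=*))`: the attacker's `(|(uid=*))` is a second, attacker-controlled filter, and a bind that follows a search like this can authenticate as whichever entry the server returns first. The escaped form keeps the whole string inside the single `uid=` assertion. Prefer a client library that takes the value separately from the template when one is available; hand-rolled escaping is the fallback, not the first choice.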
Dataease GHSA-944x-93jf-h3rx Arbitrary File Read via JDBC Parameter Bypass and POC
github.com · 2026-04-18

# Arbitrary File Read Vulnerability ## Overview * **Vulnerability Type**: Arbitrary File Read * **Severity**: High * **Vulnerability ID**: GHSA-944x-93jf-h3rx * **Affected Component**: `io.dataease` (…

Premium intel
CVSS 9.8
Sail Library BPP48-CIE-LAB Format Handling Vulnerability (GHSA-rcqx-gc76-r9mv)
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Support for BPP48-CIE-LAB Report in GHSA-rcqx-gc76-r9mv - **Description**: This vulnerability involves support for the BPP48-CIE-LAB forma…

Chamilo LMS Stored XSS via Malicious File Upload (GHSA-273p-jw9w-3g22)
github.com · 2026-04-18

# Vulnerability Summary: Stored XSS Vulnerability in Chamilo LMS ## Overview - **Vulnerability Name**: Stored XSS via Malicious File Upload in Social Post Attachments Leading to Arbitrary JavaScript E…

CVSS 6.5
OpenProject Cross-Project Agenda Injection Vulnerability (GHSA-hh5p-gwfh-h245)
github.com · 2026-04-21

# OpenProject Cross-Project Meeting Agenda Injection Vulnerability (GHSA-hh5p-gwfh-h245) ## Vulnerability Overview OpenProject has an **Unscoped Section Lookup** vulnerability. An attacker with the `m…

CVSS 7.7
Tekton Pipelines git resolver API token leakage vulnerability (GHSA-2d5r-9pm-2w5c)
github.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: Git resolver API mode leaks system-configured API token to user-controlled serverURL - **Vulnerability Description**: In API mode, Tekton Pipelines…

CVSS 8.8
pyLoad Session Management Fix for GHSA-60hx-chf7-3332
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Type**: Improper User Session Management - **Impact**: When a user is modified/deleted or their password is changed, sessions are not properly inv…

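The pyLoad entry describes sessions that survive a password change or the modification or deletion of the user. The example below is added here to show the standard fix for that class of bug: each user carries an authentication version, every session records the version it was issued under, and session resolution rejects any session whose version no longer matches or whose user no longer exists. This is not pyLoad's code; the user store, session store and the `scenario()` walkthrough are constructed for the demonstration, and passwords are kept in plaintext only because hashing is not the point here.

```python
import secrets
from dataclasses import dataclass


@dataclass
class User:
    name: str
    password: str          # plaintext only because this is a constructed demo
    auth_version: int = 0  # bumped whenever credentials or the account change


@dataclass
class Session:
    token: str
    username: str
    auth_version: int      # snapshot of the user's auth_version at login time


class Auth:
    def __init__(self):
        self.users: dict[str, User] = {}
        self.sessions: dict[str, Session] = {}

    def add_user(self, name: str, password: str) -> None:
        self.users[name] = User(name, password)

    def login(self, name: str, password: str):
        user = self.users.get(name)
        if user is None or user.password != password:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(token, name, user.auth_version)
        return token

    def resolve_naive(self, token: str):
        """Vulnerable shape: a token is valid as long as its session row
        exists, whatever happened to the user after login."""
        session = self.sessions.get(token)
        return session.username if session else None

    def resolve_checked(self, token: str):
        """Fixed shape: the session is only honoured if the user still exists
        and nothing has bumped the auth version since the session was issued.
        Stale sessions are dropped on first use."""
        session = self.sessions.get(token)
        if session is None:
            return None
        user = self.users.get(session.username)
        if user is None or user.auth_version != session.auth_version:
            self.sessions.pop(token, None)
            return None
        return session.username

    def change_password(self, name: str, new_password: str) -> None:
        user = self.users[name]
        user.password = new_password
        user.auth_version += 1  # every session issued before this is now stale

    def delete_user(self, name: str) -> None:
        del self.users[name]
        self.revoke_user_sessions(name)

    def revoke_user_sessions(self, name: str) -> None:
        """Eager variant: drop the rows now rather than on next use, so a
        session listing never shows a session that can no longer be used."""
        for token in [t for t, s in self.sessions.items() if s.username == name]:
            del self.sessions[token]


def scenario() -> dict:
    """Constructed walkthrough: login, change password, then delete the user."""
    auth = Auth()
    auth.add_user("alice", "pw1")
    t1 = auth.login("alice", "pw1")
    before = auth.resolve_checked(t1)
    auth.change_password("alice", "pw2")
    naive_after_change = auth.resolve_naive(t1)
    checked_after_change = auth.resolve_checked(t1)
    t2 = auth.login("alice", "pw2")
    new_session = auth.resolve_checked(t2)
    auth.delete_user("alice")
    after_delete = auth.resolve_checked(t2)
    return {
        "before": before,
        "naive_after_change": naive_after_change,
        "checked_after_change": checked_after_change,
        "new_session": new_session,
        "after_delete": after_delete,
        "relogin_deleted": auth.login("alice", "pw2"),
    }
```

The version check works even when sessions live in a cache or a signed cookie that cannot be enumerated, because invalidation is decided by comparing against the user record rather than by finding and deleting rows; the eager revocation is still worth doing where the session store supports it.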
Premium intel
CVSS 9.8
Pipecast LivekitFrameSerializer Pickle Deserialization RCE (GHSA-c3jg-5cp7-6wc7)
github.com · 2026-04-24

# Vulnerability Summary: Pipecast Remote Code Execution Vulnerability ## Overview * **Vulnerability Name**: Remote Code Execution (RCE) caused by Pickle deserialization via `LivekitFrameSerializer` * …

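The Pipecat entry is an instance of deserializing pickle bytes from a peer: pickle's `REDUCE` opcode calls any importable callable with attacker-chosen arguments. The example below is added here to show the payload shape, why a restricted unpickler stops it, and what replacing pickle with a schema-bound format looks like. None of this is Pipecat's code; the `Frame` class, the hand-written pickle opcodes and the JSON encoding are constructed for the demonstration, and the payload deliberately names the harmless `os.getcwd` so running it proves the point without side effects.

```python
import base64
import io
import json
import pickle


class Frame:
    """Stand-in for a media frame type; not Pipecat's class."""

    def __init__(self, kind: str, payload: bytes):
        self.kind = kind
        self.payload = payload

    def __eq__(self, other):
        return isinstance(other, Frame) and (self.kind, self.payload) == (other.kind, other.payload)


# Constructed attacker payload written directly in protocol-0 opcodes:
#   c os\ngetcwd\n   GLOBAL  -> push os.getcwd
#   (                MARK
#   t                TUPLE   -> ()
#   R                REDUCE  -> call os.getcwd()
#   .                STOP
# A real payload names os.system or subprocess.Popen and carries a command.
MALICIOUS_PICKLE = b"cos\ngetcwd\n(tR."


def unsafe_loads(data: bytes):
    """Vulnerable shape: pickle.loads on bytes received from a peer."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only globals on an explicit allowlist; everything else fails
    before any object is constructed."""

    ALLOWED = {(Frame.__module__, "Frame"): Frame}

    def find_class(self, module, name):
        try:
            return self.ALLOWED[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden") from None


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_is_blocked(data: bytes) -> bool:
    """True if the restricted unpickler refuses the input."""
    try:
        restricted_loads(data)
        return False
    except pickle.UnpicklingError:
        return True


def frame_pickle_sample() -> bytes:
    """A legitimate Frame pickled with the default protocol (sample input)."""
    return pickle.dumps(Frame("audio", b"\x00\x01"))


# Better still for wire data: a format that can only ever produce a Frame.
def encode_frame(frame: Frame) -> bytes:
    return json.dumps({
        "kind": frame.kind,
        "payload": base64.b64encode(frame.payload).decode("ascii"),
    }).encode("utf-8")


def decode_frame(data: bytes) -> Frame:
    obj = json.loads(data)
    if not isinstance(obj, dict) or set(obj) != {"kind", "payload"} or not isinstance(obj["kind"], str):
        raise ValueError("malformed frame")
    return Frame(obj["kind"], base64.b64decode(obj["payload"], validate=True))
```

The allowlist must be exact module-and-name pairs; allowing a whole module or anything under `builtins` reopens the hole, and the pickle protocol still offers other attack surface, which is why the JSON variant is the real fix for data crossing a trust boundary.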
CVSS 2.2
SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) · Advisory · w
github.com · 2026-04-25

# SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) ## Vulnerability Overview At line 28 of the file `packages/integrations/cloudflare/src/utils…

CVSS 7.2
[Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qgx5 (CVE-2025-62718) — NO_PROXY Protection Bypassed via RFC 1122 Loopb
github.com · 2026-04-25

# Vulnerability Summary: Axios NO_PROXY Protection Bypass (CVE-2025-62718) ## 1. Vulnerability Overview * **Vulnerability Name**: [Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qqx5 (CVE-2025-62718)…

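The axios entry's title is cut off, so the exact bypass path is not on this page; what the title does say is that a NO_PROXY check was defeated through RFC 1122 loopback addressing. The recurring mistake behind that phrase is a host check that knows `127.0.0.1` and `localhost` as loopback but nothing else, while RFC 1122 reserves the whole `127.0.0.0/8` block, and `inet_aton` additionally accepts shorthand spellings such as `127.1`. The example below is added here to show a spelling-based check beside an address-based one; it is not axios's code, the NO_PROXY list and matching rules are a constructed simplification of the usual exact-host-or-suffix convention, and the same classifier serves whichever side of the proxy decision the protection sits on.

```python
import ipaddress
import socket


def naive_is_loopback(host: str) -> bool:
    """The shape that fails: only two spellings are recognised."""
    return host.strip().lower() in ("localhost", "127.0.0.1")


def canonical_address(host: str):
    """ipaddress object for an IP literal in any spelling: dotted quad,
    bracketed or bare IPv6, and the shorthand forms inet_aton accepts
    (for example '127.1'). None when host is a name, not an address."""
    h = host.strip().strip("[]")
    try:
        return ipaddress.ip_address(h)
    except ValueError:
        pass
    try:
        packed = socket.inet_aton(h)
    except OSError:
        return None
    return ipaddress.IPv4Address(packed)


def is_loopback(host: str) -> bool:
    """RFC 1122 loopback is all of 127.0.0.0/8, plus ::1 and IPv4-mapped
    loopback; 'localhost' and *.localhost names count as well."""
    addr = canonical_address(host)
    if addr is None:
        name = host.strip().lower()
        return name == "localhost" or name.endswith(".localhost")
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_loopback


def hosts_equivalent(a: str, b: str) -> bool:
    """Two host strings denote the same target: any two loopback spellings,
    the same canonical address, or the same name (case-insensitive)."""
    la, lb = is_loopback(a), is_loopback(b)
    if la or lb:
        return la and lb
    ca, cb = canonical_address(a), canonical_address(b)
    if ca is not None or cb is not None:
        return ca == cb
    return a.strip().lower() == b.strip().lower()


def no_proxy_match(host: str, no_proxy: str) -> bool:
    """Constructed NO_PROXY semantics: an entry starting with '.' matches the
    domain and its subdomains; any other entry matches by address identity,
    so a '127.0.0.1' entry also covers 127.0.0.2 and 127.1."""
    name = host.strip().lower()
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if not entry:
            continue
        if entry.startswith("."):
            if name == entry[1:] or name.endswith(entry):
                return True
        elif hosts_equivalent(host, entry):
            return True
    return False


if __name__ == "__main__":
    for h in ("127.0.0.1", "127.0.0.2", "127.1", "[::1]", "::ffff:127.0.0.5", "localhost", "10.0.0.1"):
        print(f"{h:>18}  naive={naive_is_loopback(h)!s:5}  correct={is_loopback(h)}")
```

Classifying by parsed address rather than by string is the whole fix: a deny-list that blocks loopback and an exemption list that trusts loopback both need to agree with the kernel about which addresses are loopback, and the kernel's view includes every `127.x.y.z` as well as the shorthand forms the resolver accepts.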
https://github.com/siyuan-note/siyuan/security/advisories/GHSA… · siyuan-note/siyuan@bb481e1
github.com · 2026-04-25

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a path traversal issue in the `kernel/server/server.go` file. An attacker can bypass sensitive file protection mechanisms …

Premium intel
CVSS 8.1
GHSA-rfxr-8xpm-wrp7: Fix XXE by removing LIBXML_NOENT/NONET options
github.com · 2026-05-07

### Vulnerability Overview - **Vulnerability Type**: Code Injection Vulnerability - **Vulnerability Description**: In the `system/import/xml.php` file, the `export()` function contains a code injectio…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.