
Security Intel Hub 354 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Zebra 4.4.0 Security Fixes: GHSA Vulnerabilities and RPC Hardening
github.com · 2026-05-09

### Vulnerability Overview Zebra version 4.4.0 includes multiple security and bug fixes. The primary security issues addressed are: 1. **Fix for signature count vulnerability** (GHSA-jv4h-j224-23cc) 2…

CVSS 4.3
n8n-mcp Log Information Disclosure Vulnerability (GHSA-wq4g-395p-mqv3)
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Vulnerability ID**: GHSA-wq4g-395p-mqv3 - **Severity**: CVSS 4.3 Medium - **Description**: Raw tool-call arguments from MCP (Model Context Protocol) tool invoca…

CVSS 6.3
Lemmy SSRF via Webmention (GHSA-3jvj-v6w2-h948)
github.com · 2026-05-09

# SSRF Vulnerability Summary: /api/v3/post via Webmention Dispatch ## Vulnerability Overview - **Vulnerability Name**: SSRF (Server-Side Request Forgery) - **Vulnerability ID**: GHSA-3jvj-v6w2-h948 - …

CVSS 6.5
GHSA-f5c8-m9vw-rmqg: Improper Authorization in nova-toggle for Laravel Nova allowing unauthorized boolean field modifica
github.com · 2026-05-09

# Vulnerability Overview **Title**: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields **Vulnerability ID**: GHSA-f5c8-m9vw-rmqg **Severity**: Moderate (6.5 / 10…

Release v3.11.0 · patriksimek/vm2 · GitHub
github.com · 2026-05-05

### Vulnerability Overview - **v3.11.0** has been released, containing multiple security fixes and new features. - It primarily addresses 13 security vulnerabilities involving various attack types, su…

CVSS 9.1
Nix Unsafe NAR Unpacking Arbitrary File Write (CVE-2024-45593)
github.com · 2024-09-11

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: Unsafe NAR unpacking 2. **Severity**: Critical (9.1/10) 3. **Publisher**: edolstra…

CVSS 7.1
Sentry CVE-2024-45606 Improper Authorization on Alert Rule Muting
github.com · 2024-09-19

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Improper authorization on muting of ale…

CVSS 5.3
Discourse CVE-2024-45297 Unauthorized Access to Hidden Tag Topics
github.com · 2024-10-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: Prevent topic list filtering by hidden tags for unau…

CVSS 10.0
CraftCMS Remote Code Execution Vulnerability (CVE-2023-41892)
github.com · 2025-11-06

### Vulnerability Key Information #### Vulnerability Title Remote Code Execution #### Vulnerability ID GHSA-4w8r-3xrw-v25g #### Release Date September 13, 2023 #### Vulnerability Severity CVSS v3 Seve…

CVSS 4.6
CVE-2025-64494: ANSI escape sequence injection in user input
github.com · 2025-11-09

### Vulnerability Overview - **Vulnerability Name**: ANSI escape sequences not being sanitized in user input - **Publisher**: caarlos0 - **Vulnerability ID**: GHSA-fv2r-r8mp-pg48 - **Release Date**: 3…

CVSS 6.5
DoS in vLLM Idefics3 Vision Models via Ambiguous Image Dimensions
github.com · 2026-01-20

### Key Information Summary #### Vulnerability Overview - **Vulnerability Name**: DoS in Idefics3 vision models via image payload with ambiguous dimensions - **Identifier**: GHSA-grg2-63fw-f2qr - **Ri…

SvelteKit CVE-2026-22803 Memory Amplification DoS in Remote Functions
github.com · 2026-01-20

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Title**: `Memory amplification DoS in Remote Functions binary form deserializer (application/x-sveltekit-formdata)` -…

CVSS 5.9
CVE-2026-23991: TUF Client DoS via Malformed Metadata Response
github.com · 2026-01-27

## Critical Vulnerability Information ### Vulnerability Overview - **Name**: Client DoS via malformed server response - **ID**: GHSA-846p-jg2w-w324 - **Severity**: Moderate (5.9/10) - **CVE ID**: CVE-…

openclaw skills.status Secret Leakage Vulnerability (CVE-2026-26326)
github.com · 2026-02-21

## Vulnerability Key Information - **Vulnerability Overview** - Vulnerability Title: skills.status could leak secrets to operator.read clients - Vulnerability Identifier: GHSA-8mh7-phf8-xgfm - Severit…

Discord CVE-2026-27484: Untrusted sender identity in tool-driven moderation flows
github.com · 2026-02-22

### Key Vulnerability Information #### Overview - **Vulnerability Name**: Discord moderation authorization used untrusted sender identity in tool-driven flows - **Severity**: Moderate - **CVE ID**: CV…

Parse Dashboard CSRF Vulnerability in Agent Endpoint (CVE-2026-27609)
github.com · 2026-02-25

Based on the provided web page screenshot, the following key information about the vulnerability can be obtained: ### Vulnerability Basic Information - **Vulnerability ID**: GHSA-3534-xp88-25rc - **CV…

CVSS 7.5
Discourse Patreon Plugin Authentication Bypass via Empty Webhook Secret (CVE-2026-26078)
github.com · 2026-02-27

### Key Information #### Vulnerability Details - **Title**: Authentication bypass vulnerability in the Patreon plugin webhook endpoint - **Identifier**: GHSA-frx4-wg35-4r68 - **Publisher**: davidtaylo…

Parse Server Authorization Bypass in File Download via Range Header
github.com · 2026-04-02

## Vulnerability Summary ### Vulnerability Overview **GHSA-hp98-9qx6-jwvv**: A file download bypass vulnerability exists in Parse Server, allowing attackers to perform streaming file downloads via the…

CVSS 7.5
Magick.NET 14.12.0 Security Update: Fixes ImageMagick Heap/Stack Overflows and OOB Read Vulnerabilities
github.com · 2026-04-18

# Magick.NET 14.12.0 Vulnerability Summary ## Vulnerability Overview Magick.NET version 14.12.0 fixes multiple security vulnerabilities originating from ImageMagick, including heap overflow, stack ove…

CVSS 9.0
FreeScout 1.8.213 Security Update: Fixes XSS, Unauthorized Access, and Token Forgery
github.com · 2026-04-21

### Vulnerability Overview The webpage screenshot shows the changelog for version `1.8.213` of the `freescout-help-desk` project, which includes multiple security-related fixes. These fixes address va…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
