
Security Intel Hub — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.1
zrok CVE-2024-40302 Reflected XSS in GitHub OAuth Callback
github.com · 2026-04-18

# Vulnerability Overview **Vulnerability Name**: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering **Vulnerability Type**: Reflected Cross-Site Scripting (Reflecte…

Release Weblate 5.17.1 · WeblateOrg/weblate · GitHub
github.com · 2026-05-07

# Weblate 5.17.1 Security Vulnerability Summary ## Vulnerability Overview This version fixes multiple security vulnerabilities, primarily involving input validation, enumeration attacks, and permissio…

Release 1.8.217 · freescout-help-desk/freescout · GitHub
github.com · 2026-05-08

# Vulnerability Summary ## Overview This page is the release page for the GitHub repository `freescout-help-desk / freescout`. Version `1.8.217` fixes multiple security vulnerabilities, including path…

Bash Command Injection in Gradle Completion (CVE-2026-25063)
github.com · 2026-01-30

## Bash command injection in gradle-completion ### Vulnerability Details - **Package:** gradle-completion (Gradle) - **CVE ID:** CVE-2026-25063 - **GHSA ID:** GHSA-qggc-44r3-cjgv ### Severity - **Seve…

CVSS 10.0
Arbitrary Code Execution in Postiz-app GitHub Actions Workflow (CVE-2026-42298)
github.com · 2026-05-09

# Vulnerability Summary ## Overview - **Vulnerability Name**: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev - **Vulnerability Type**: Arbitrary Co…

CVSS 5.5
sigstore timestamp-authority Improper Certificate Validation Bypass (CVE-2020-39984)
github.com · 2026-04-18

# Vulnerability Overview **Title**: Improper Certificate Validation in verifier **Severity**: Moderate (5.5 / 10) **CVE ID**: CVE-2020-39984 **GHSAs**: GHSA-xm5m-wgh2-rrg3 **Release Date**: 3 days ago…

CVSS 8.8
Heap Buffer Overflow in iccDEV icCurvesFromXml() (CVE-2026-24412)
github.com · 2026-01-27

### Key Information Summary #### Vulnerability Details - **Vulnerability Name**: Heap Buffer Overflow in icCurvesFromXml() - **CVE ID**: CVE-2026-24412 - **Publisher**: xsscx - **Publication Time**: 3…

CVSS 9.1
SiYuan Arbitrary File Write to RCE via /api/file/copyFile (CVE-2026-25539)
github.com · 2026-02-05

- **Vulnerability Description**: `Arbitrary File Write via /api/file/copyFile leading to RCE` - **Vulnerability Type**: `Improper Limitation of a Pathname to a Restricted Directory (CWE-22)` - **Affec…

CVSS 8.4
Command Injection in systeminformation via unsanitized iface parameter (CVE-2026-26280)
github.com · 2026-02-21

## Vulnerability Key Information ### Vulnerability Title Command Injection via unsanitized interface parameter in wifi.js retry path ### Vulnerability Identifiers - GHSA ID: GHSA-9c88-49p5-5ggf - CVE …

Parse Dashboard CVE-2026-27608 Missing Authorization on Agent Endpoint
github.com · 2026-02-25

1. **Vulnerability Information** - **Vulnerability Title**: Missing Authorization on Agent…

BerriAI litellm Authenticated Command Execution via MCP Endpoints (CVE-2026-4271)
github.com · 2026-05-08

# BerriAI / litellm Authenticated Command Execution Vulnerability Summary ## Vulnerability Overview - **Vulnerability Name**: Authenticated command execution via MCP stdio test endpoints - **CVE ID**:…

iodine RubyGem Path Traversal Vulnerability (CVE-2024-22050) Advisory
github.com · 2025-11-07

### Key Information - **CVE ID**: CVE-2024-22050 - **GHSA ID**: GHSA-85rf-xh54-whp3 - **Package**: iodine (RubyGems) - **Affected Versions**: < 0.7.34 - **Patched Versions**: 0.7.34 - **Severity**: Lo…

CVSS 4.5
Apptainer <1.4.5 --security Option Bypass Vulnerability (CVE-2025-65105)
github.com · 2025-12-04

## Vulnerability Key Information **Basic Information** - **Vulnerability Name**: Ineffective application of selinux / apparmor --security option - **Publisher**: DrDaveD - **Vulnerability ID**: GHSA-j…

Parse Server JWT Algorithm Confusion Account Takeover (CVE-2026-27804)
github.com · 2026-02-26

### Key Information Summary #### Vulnerability Details - **Title**: Account takeover via JWT algorithm confusion in Google auth adapter - **Vulnerability ID**: GHSA-4q3h-vp4r-prv2 - **CVE ID**: CVE-20…

CVSS 7.2
Dolibarr 23.0.2 Security Update: SSRF and File Handling Vulnerabilities Fixed
github.com · 2026-04-07

# Dolibarr 23.0.2 Security Update Summary ## Vulnerability Overview This release (23.0.2) includes multiple security fixes and permission improvements, primarily addressing the following critical vuln…

CVSS 8.1
Runtipi CVE-2026-24129 Authenticated Command Injection via BackupManager
github.com · 2026-01-27

### Key Information Summary #### Vulnerability Overview - **Type**: Authenticated Arbitrary Remote Code Execution - **CVE ID**: CVE-2026-24129 - **Vulnerability Database**: GHSA-vrg5-rcj5-6gv9 #### Af…

CVSS 8.1
phpMyFAQ CVE-2025-59943 Duplicate Email Registration Vulnerability
github.com · 2025-10-04

### Key Information #### Vulnerability Overview - **Vulnerability Name**: Duplicate email registration allows multiple accounts with the same email in phpMyFAQ - **CVE ID**: CVE-2025-59943 - **GHSA ID…

GitHub Actions pull_request_target Arbitrary Code Execution (CVE-2026-22869)
github.com · 2026-01-20

## Critical Vulnerability Information ### Vulnerability Title - **Arbitrary Code Execution via pull_request_target CI Workflow** ### Vulnerability Identifiers - **GHSA ID:** GHSA-gvh4-93cq-5xxp - **CV…

CVSS 7.5
UmbracoForms RCE via Untrusted WSDL Compilation (CVE-2025-68924) and Mitigation
github.com · 2026-01-20

### Vulnerability Information - **Vulnerability Name**: UmbracoForms Vulnerability, allowing Remote Code Execution via untrusted WSDL compilation in dynamic SOAP client generation - **CVE ID**: CV…

CVE-2026-27830: c3p0 Java Deserialization RCE Vulnerability
github.com · 2026-02-26

### Critical Vulnerability Information #### Overview - **Title**: c3p0 prior to v0.12.0 can be dangerously abused to download and execute malicious code - **Publisher**: swaldman - **CVE ID**: CVE-202…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
