Security Intel Hub: search results for "GHSA"

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Parse Server CVE-2024-34351: Auth Data Exposure via Verify Password Endpoint
github.com · 2026-04-02

**Vulnerability Name**: Auth data exposed via verify password endpoint · **CVE ID**: CVE-2024-34351 · **Severity**: High (8.2/10) …

Parse Server GraphQL Complexity Validator DoS Vulnerability (CVE-2024-34373)
github.com · 2026-04-02

**GraphQL Complexity Validator Exponential Fragment Traversal DoS**: The GraphQL query complexity validator contains a vulnerability …

fast-jwt CVE-2026-35041 ReDoS Vulnerability and Fix Analysis
github.com · 2026-04-10 · CVSS 4.2

**CVE ID**: CVE-2026-35041 · **GHSA ID**: GHSA-cjw9-ghj4-fwxf · **Vulnerability Type**: ReDoS (Regular Expression Denial of Service) · **Descr…

h3 Framework Request Smuggling Vulnerability (CVE-2026-23527) Analysis and Fix
simonkoeck.com · 2026-04-18 · CVSS 8.9

**Vulnerability Name**: h3 Framework Request Smuggling Vulnerability · **CVE ID**: CVE-2026-23527 · **GHSA ID**: GHS…

FirebirdSQL CVE-2020-33337 Buffer Overflow in Slice Packet Parsing
github.com · 2026-04-18 · CVSS 7.5

**Title**: Buffer overflow on parsing corrupted slice packet · **CVE ID**: CVE-2020-33337 · **CVSS v3 Score**: 7.5 / 10 (High) · **Reporter**: dyemanov · **Published Time**: 17 hours …

OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling | Advisories | VulnCheck
www.vulncheck.com · 2026-04-29

**Affected**: OpenClaw >= 0, < 2026.4.8 · **CVSS Score**: 4.0 (AV:N/AC:L/AT:N/PR:N/UI:PVC:N/EL:VA/N/SCH:SEL/SA:N) · **Vulnerability Type**: CWE-918 Server-Side Request Forgery (SSRF) · **Remediation**: Fixed Versi…

OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback | Advisories | VulnCheck
www.vulncheck.com · 2026-04-29

**Affected**: OpenClaw >= 0, < 2026.4.8 · **Severity**: High · **Publication Date**: 2026-04-23 · **CVSS Vector**: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/V:C/H:E/V:H/SC:N/SI:N/SA:N · **Remediation**: Upgrade to OpenClaw 20…

OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend | Advisories | VulnCheck
www.vulncheck.com · 2026-04-29

**Affected**: OpenClaw >= 0, < 2026.3.24 · **Vulnerability Description**: Prior to version 2026.3.24, OpenClaw's CLI backend runner contains an environmen…

OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node.event Agent Dispatch | Advisories | VulnCheck
www.vulncheck.com · 2026-04-29

OpenClaw contains a privilege escalation vulnerability that allows attackers to achieve remote code execution through un…

OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered Navigation | Advisories | VulnCheck
www.vulncheck.com · 2026-04-29

**Affected**: OpenClaw >= 0, < 2026.4.8 · **Remediation**: Upgrade OpenClaw to version 2026.4.8 or later · **References**: GitHub Security Advisory GHSA-vc5g-mpx7-h897 (https://github.com/a…

OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths | Advisories | VulnCheck
www.vulncheck.com · 2026-04-29

OpenClaw versions prior to 2026.4.8 contain a Server-Side Request Forgery (SSRF) vul…

hexpm/hex Insufficient Verification of Data Authenticity Vulnerability (CVE-2026-32148)
osv.dev · 2026-05-01

**Advisory**: EEF-CVE-2026-32148 · **Vulnerability Name**: Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) · …

Release v2.22.0 · binwiederhier/ntfy · GitHub
github.com · 2026-05-04

**Vulnerability Type**: SSRF (Server-Side Request Forgery) · **Description**: An SSRF vulnerability exists in the `ntfy` web push endpoint due to the allow-list r…

test(GHSA-v37h-5mfm-c47c): switch prelude to p.getPrototypeOf(p) (rea… · patriksimek/vm2@bdd3d15 · GitHub
github.com · 2026-05-05

This vulnerability involves inconsistent behavior of the `Object.getPrototypeOf()` method in Node.js within a sandboxed environment. The original exploit code attem…

Uncontrolled memory allocation via nb_colors field in _load_bmp · Advisory · GreycLab/CImg · GitHub
github.com · 2026-05-05

**Title**: Uncontrolled memory allocation via `nb_colors` field in `_load_bmp` · **Vulnerability Type**: Uncontrolled memory allocation · **Severity**: Moderate · **CVE ID**: CVE-20…

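The CImg entry names the pattern (an allocation sized by the untrusted `nb_colors` palette count) but its teaser is cut off. The C below is an added example, not CImg's `_load_bmp` and not code from the advisory: a minimal BMP palette reader that trusts `biClrUsed` (header offset 46, the field the advisory calls `nb_colors`) beside one that bounds it by the bit depth and by the bytes actually present in the file. Only the BMP header layout is standard; the function names, the demo constants and the constructed sample file are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian field helpers; BMP headers are always little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

#define BMP_FILE_HDR  14                         /* BITMAPFILEHEADER */
#define BMP_INFO_HDR  40                         /* BITMAPINFOHEADER */
#define BMP_MIN_LEN   (BMP_FILE_HDR + BMP_INFO_HDR)
#define OFF_INFO_SIZE 14                         /* biSize */
#define OFF_BPP       28                         /* biBitCount */
#define OFF_CLR_USED  46                         /* biClrUsed, the advisory's "nb_colors" */

/* Weak pattern (hypothetical, not CImg's code): palette size taken straight from biClrUsed.
 * A 54-byte file can make the loader request 4 * 0xFFFFFFFF bytes. */
uint64_t palette_bytes_unchecked(const uint8_t *f, size_t len) {
    if (len < BMP_MIN_LEN) return 0;
    return (uint64_t)rd32(f + OFF_CLR_USED) * 4;
}

/* Hardened variant: biClrUsed is bounded by what the bit depth can index (2^bpp entries for
 * indexed images, none for true colour) and by the bytes actually present in the file.
 * Returns 1 and writes the byte count on success, 0 if the header is rejected. */
int palette_bytes_checked(const uint8_t *f, size_t len, uint64_t *out) {
    if (len < BMP_MIN_LEN || f[0] != 'B' || f[1] != 'M') return 0;
    uint32_t info_size = rd32(f + OFF_INFO_SIZE);
    if (info_size < BMP_INFO_HDR || info_size > len - BMP_FILE_HDR) return 0;
    uint16_t bpp = rd16(f + OFF_BPP);
    uint32_t nb_colors = rd32(f + OFF_CLR_USED);
    uint32_t max_colors;
    switch (bpp) {
        case 1: case 4: case 8:    max_colors = 1u << bpp; break;  /* indexed: palette mandatory */
        case 16: case 24: case 32: max_colors = 0;         break;  /* true colour: palette ignored */
        default:                   return 0;                        /* unsupported depth */
    }
    if (nb_colors == 0) nb_colors = max_colors;   /* 0 means "all colours for this depth" */
    if (nb_colors > max_colors) return 0;          /* declared count exceeds what bpp can index */
    uint64_t bytes = (uint64_t)nb_colors * 4;      /* RGBQUAD entries; 64-bit avoids wrap-around */
    uint64_t palette_off = BMP_FILE_HDR + info_size;
    if (bytes > (uint64_t)len - palette_off) return 0;  /* palette must fit in the bytes we hold */
    *out = bytes;
    return 1;
}

/* Builds a constructed BMP (sample data for this example, not a real CImg test file):
 * a minimal header declaring `declared` colours, followed by `present` zeroed palette entries.
 * Returns the file length, or 0 if it does not fit in `cap`. */
size_t build_bmp(uint8_t *buf, size_t cap, uint16_t bpp, uint32_t declared, uint32_t present) {
    size_t len = BMP_MIN_LEN + (size_t)present * 4;
    if (len > cap) return 0;
    memset(buf, 0, len);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, (uint32_t)len);            /* bfSize */
    wr32(buf + 10, (uint32_t)len);           /* bfOffBits: pixel data would follow the palette */
    wr32(buf + OFF_INFO_SIZE, BMP_INFO_HDR);
    wr32(buf + 18, 4); wr32(buf + 22, 4);    /* 4x4 image */
    wr16(buf + 26, 1);                       /* planes */
    wr16(buf + OFF_BPP, bpp);
    wr32(buf + OFF_CLR_USED, declared);
    return len;
}

int main(void) {
    uint8_t file[BMP_MIN_LEN + 256 * 4];
    uint64_t bytes;
    /* Malicious: 8 bpp, biClrUsed = 0xFFFFFFFF, only 16 palette entries actually present. */
    size_t len = build_bmp(file, sizeof file, 8, 0xFFFFFFFFu, 16);
    printf("unchecked loader would allocate %llu bytes\n",
           (unsigned long long)palette_bytes_unchecked(file, len));
    printf("checked loader accepts it: %d\n", palette_bytes_checked(file, len, &bytes));
    /* Benign: 8 bpp with 16 declared and 16 present entries. */
    len = build_bmp(file, sizeof file, 8, 16, 16);
    if (palette_bytes_checked(file, len, &bytes))
        printf("checked loader allocates %llu bytes\n", (unsigned long long)bytes);
    return 0;
}
```

The check worth copying is the last one in `palette_bytes_checked`: even when `nb_colors` is within 2^bpp, the palette must fit in the buffer the loader actually holds, which also rejects a `biSize` larger than the data and a count inflated past the file's end.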
OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling | Advisories | VulnCheck
www.vulncheck.com · 2026-05-05

**Affected**: OpenClaw >= 0, < 2026.4.12 · **Severity**: High · **Release Date**: 2026-05-05 · **CVSS Score**: 9.8 · **CVSS Vector**: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N · **Remediation**: Up…

OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution | Advisories | VulnCheck
www.vulncheck.com · 2026-05-05

OpenClaw contains a weakened exec approval binding vulnerability. Attackers can bypass the exec approval mechanism and lower the risk classification of…

OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing | Advisories | VulnCheck
www.vulncheck.com · 2026-05-05

OpenClaw contains a sandbox escape vulnerability caused by host parameter override in the Exec route. Attackers can bypass…

Browser tabs action select and close routes bypassed SSRF policy · Advisory · openclaw/openclaw · GitHub
github.com · 2026-05-05

This vulnerability involves the browser tab action routes (`/tabs/action` select and close branche…

Lua Use-After-Free may lead to remote code execution · Advisory · redis/redis · GitHub
github.com · 2026-05-06

**Vulnerability Name**: Lua Use-After-Free may lead to remote code execution · **CVE ID**: CVE-2026-23631 · **CVSS Score**: 6.1 /…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
