Security Intel Hub 354— Search: `GHSA`×

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Filter

KEV only

Verified PoC

GHSA-243v-98vx-264h: Wasmtime WASI HTTP DoS Vulnerability

github.com · 2026-02-25

### Critical Vulnerability Information #### Vulnerability Overview - **Vulnerability ID**: GHSA-243v-98vx-264h - **CVE ID**: CVE-2026-27572 - **Severity**: Medium (CVSS v4 base score: 6.9/10) #### Imp…

CVSS 7.7

GHSA-jcc6-f9v6-f7jw: Authenticated Full Read SSRF via Favicon Fetching (CVE-2026-27706)

github.com · 2026-02-26

### Key Information #### Vulnerability Details - **Title**: Full Read SSRF via Favicon Fetching in "Add Link" Feature - **ID**: GHSA-jcc6-f9v6-f7jw - **Publisher**: sriramveeraghanta - **Published**: …

CVSS 5.3

Rucio WebUI Username Enumeration via Login Error Message (GHSA-38wq-6q2w-hcf9)

github.com · 2026-02-26

### Key Information #### Vulnerability Title - Username Enumeration via Login Error Message in Rucio WebUI #### Vulnerability ID - GHSA-38wq-6q2w-hcf9 #### Severity - Moderate (5.3/10) #### Affected V…

CVSS 7.1

Zed Editor Agent File Tools Symlink Escape Vulnerability (GHSA-786m-xzvc-5235)

github.com · 2026-02-26

### Key Vulnerability Information #### Vulnerability Title - **Symlink Escape in Agent File Tools** #### Vulnerability ID - GHSA-786m-xzvc-5235 #### Publisher and Time - swannysec, published 2 hours a…

CVSS 7.7

GHSA-4q9f-mjxf-rx7x: wp-graphql Workflow Expression Injection Fix

github.com · 2026-02-26

### Critical Vulnerability Information #### Vulnerability Description - **Vulnerability ID**: GHSA-4q9f-mjxf-rx7x - **Type**: Expression Injection - **Affected Scope**: wp-graphql/v2.9.1 and earlier v…

CVSS 4.8

GHSA-8c9r-pvrj-vcf5: Audiobookshelf Stored XSS Vulnerability

github.com · 2026-02-26

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Stored XSS - **ID**: GHSA-8c9r-pvrj-vcf5 - **Affected Component**: assets/WrappingMarquee.js - **Affected Versions**: `; - Cha…

Path Traversal in Hex.pm Local File Store Backend (GHSA-42mv-r64p-4869)

github.com · 2026-02-27

### Vulnerability Key Information #### Basic Information - **Title**: Path Traversal in Local File Store Backend (Development and Self-Hosted Registry Setups) - **Publisher**: maennchen - **Published*…

Premium intel

CVSS 8.6

ZimaOS GHSA-65mg-9gw5 Unauthorized File Creation via API Bypass

github.com · 2026-03-03

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Name**: ZimaOS v1.5.2-beta3 - Unauthorized Creation of Files/Folders in Restricted System Directories via API - **Vul…

CVSS 8.8

XSS Fix Patch and GHSA-hc3c-8p55-xh4r Advisory

github.com · 2026-03-03

**Vulnerability Information in the Screenshot:** - **Commit Description**: - The commit message indicates that this change is to "Apply XSS removal when importing users." This suggests that prior code…

Sulu CMS Security Fix Advisory (GHSA-6h7h-m7p5-hjgq)

github.com · 2026-04-02

## Vulnerability Key Information ### Vulnerability Overview - **Vulnerability ID**: GHSA-6h7h-m7p5-hjgq - **Type**: Security fix - **Fixed by**: @alexander-schranz - **Acknowledgments**: @sh4dowalker …

KEV

Telnyx Python Package Supply Chain Poisoning (GHSA-953r-262c-63c5) and Malware Analysis

github.com · 2026-04-02

# Telnyx Python Package Malicious Code Vulnerability (GHSA-953r-262c-63c5) ## Vulnerability Overview - **Date**: March 27, 2025 - **Attacker**: Exploited leaked PyPI credentials to directly upload mal…

CVSS 7.1

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.

Goal Reached Thanks to every supporter — we hit 100%!

Security Intel Hub 354— Search: `GHSA`×

GHSA-243v-98vx-264h: Wasmtime WASI HTTP DoS Vulnerability

GHSA-jcc6-f9v6-f7jw: Authenticated Full Read SSRF via Favicon Fetching (CVE-2026-27706)

Rucio WebUI Username Enumeration via Login Error Message (GHSA-38wq-6q2w-hcf9)

Zed Editor Agent File Tools Symlink Escape Vulnerability (GHSA-786m-xzvc-5235)

GHSA-4q9f-mjxf-rx7x: wp-graphql Workflow Expression Injection Fix

GHSA-8c9r-pvrj-vcf5: Audiobookshelf Stored XSS Vulnerability

Path Traversal in Hex.pm Local File Store Backend (GHSA-42mv-r64p-4869)

ZimaOS GHSA-65mg-9gw5 Unauthorized File Creation via API Bypass

XSS Fix Patch and GHSA-hc3c-8p55-xh4r Advisory

Sulu CMS Security Fix Advisory (GHSA-6h7h-m7p5-hjgq)

Telnyx Python Package Supply Chain Poisoning (GHSA-953r-262c-63c5) and Malware Analysis

TinaCMS Symlink Bypass Leading to Path Traversal (GHSA-gB7r-2gJ3-J9Sw)

Parse Server LiveQuery Protected Field Guard Bypass (GHSA-mmg8-87c5-jrc2)

parse-server GHSA-f6j3-w9v3-cq22 Session Field Immutability Bypass Vulnerability

Parse Server LiveQuery Protected-Field Guard Bypass (GHSA-mmg8-87c5-jrc2)

Parse Server Cloud Function Validator Bypass via Prototype Chain Traversal (GHSA-vpj2-qq7w-5qq6)

Parse Server GraphQL Query Complexity Validator DoS via Exponential Fragment Traversal (GHSA-mf3j-6cp4-m98c)

Parse Server /verifyPassword MFA Secret Leakage Vulnerability (GHSA-wp7p-gg32-8258)

Parse Server GraphQL Complexity Validator DoS via Fragment Fan-out (GHSA-mf9j-6p94-m8bc)

Parse Server MFA One-Time Token Bypass via Race Condition (GHSA-w73w-g5sw-rw9f)

Goal Reached Thanks to every supporter — we hit 100%!

Security Intel Hub 354— Search: GHSA×

Security Intel Hub 354— Search: `GHSA`×