Security Intel Hub 354 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Parse Server Prototype Pollution Bypasses Cloud Function Auth (GHSA-vpj2-4q7w-5qq8)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview **Vulnerability Name**: Cloud Function validator bypass via prototype chain traversal **CVE ID**: GHSA-vpj2-4q7w-5qq8 **Vulnerabilit…

Parse Server Cloud Functions Prototype Pollution Bypasses Auth (GHSA-vpj2-q7w7-5qgg)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview **GHSA-vpj2-q7w7-5qgg**: Cloud Function Validator Bypass Vulnerability (Prototype Chain Traversal Attack) Attackers can bypass Cloud…

Parse Server GHSA-wp7p-gg32-8258 MFA Auth Data Exposure via verifyPassword Endpoint
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-wp7p-gg32-8258 **Vulnerability Title**: Auth data exposed via verify password endpoint **Type**: Information Disclosure Vulnerability **Severity**:…

Parse Server GraphQL CORS Bypass Vulnerability (GHSA-q3p6-q7c4-82gc) Fix Analysis
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-q3p6-q7c4-82gc **Vulnerability Title**: GraphQL API endpoint ignores CORS origin restriction This vulnerability causes Parse Server's GraphQL endpo…

Parse Server GHSA-w73w-g5sw-rwhf MFA Recovery Code Reuse via Concurrent Requests
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-w73w-g5sw-rwhf **Vulnerability Type**: MFA (Multi-Factor Authentication) Single-Use Token Bypass **Vulnerability Description**: Attackers can bypas…

CVSS 6.3
OpenClaw writeFile TOCTOU Race Condition Sandbox Escape (GHSA-xvx8-77m6-gw6g)
github.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview **Vulnerability Title**: Sandbox `writeFile` commit could race outside the validated path **CVE ID**: GHSA-xvx8-77m6-gw6g **Vulnerab…

Parse Server GraphQL CORS Bypass Vulnerability Fix (GHSA-q3p6-g7c4-829c)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-q3p6-g7c4-829c / GHSA-q3p6-g7c4-829c (#10335) **Issue**: The GraphQL API endpoint ignores CORS origin restrictions, causing the GraphQL endpoint to…

Parse Server Unauthorized File Download via Range Header Bypass (GHSA-hpm8-9q6b-jwvw)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability ID**: GHSA-hpm8-9q6b-jwvw **Vulnerability Type**: File Download Authorization Bypass **Issue**: Parse Server's file download functionality contains a security…

Parse Server Session Field Immutability Bypass via Null Values (GHSA-f6j3-w8v3-cq22)
github.com · 2026-04-02

## Vulnerability Overview **Session Field Immutability Bypass Vulnerability** - Attackers can bypass field immutability protections by setting critical fields (`expiresAt`, `createdWith`, `installatio…

Parse Server LiveQuery Protected Field Leak via Shared Mutable State (GHSA-m983-vzff-wq65)
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability Name**: LiveQuery protected field leak via shared mutable state across concurrent subscribers **CVE ID**: GHSA-m983-vzff-wq65 **Commit ID**: 5834e29 **Severit…

Parse Server LiveQuery Shared Mutable State Race Condition (GHSA-m883-v2ff-wq85)
github.com · 2026-04-02

## Vulnerability Summary ### Vulnerability Overview **LiveQuery Protected Fields Leak Shared Mutable State Through Concurrent Subscribers** (GHSA-m883-v2ff-wq85) This vulnerability exists in Parse Ser…

CVSS 2.7
Keycloak REST API Password Validation Bypass via Missing validate_password Call (GHSA-gmpv-7j62-j873)
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Overview** This screenshot shows a security vulnerability fix Pull Request for the Keycloak project. The vulnerability exists in that when setting or changing…

CVSS 6.1
libgos/captcha-protect v1.12.2 patch for GHSA-mh52-2j44-ee93
github.com · 2026-04-02

### Vulnerability Key Information Summary **Vulnerability Overview** The GitHub repository `libgos/captcha-protect` has released version `v1.12.2`, which fixes a security vulnerability. According to t…

Chromium URL Scheme Case-Insensitive Bypass of Deny-List (GHSA-rhzx-cwvy-q7j3)
github.com · 2026-04-02

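# Chromium Deny-List Bypass via Case-Insensitive URL Scheme (bypass of GHSA-rhzx-cwvy-q7j3) ### Vulnerability Overview In Chromium versions before 8.0, the `chrome://` scheme can bypass the deny-list check by using a mixed-case or all-uppercase URL scheme (such as `Chrome://`). ### Affected Scope * **Affected versions:** …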

aiohttp GHSA-766666 Fix request header validation to align with RFC 9110
github.com · 2026-04-02

### Vulnerability Overview * **Vulnerability ID**: GHSA-766666 * **Affected Component**: `aiohttp` (Python HTTP library) * **Description**: This commit addresses a flaw in the request header value val…

Prometheus SSRF Path Traversal Fix (GHSA-wvq-7j5c-7h27)
github.com · 2026-04-03

* **Vulnerability Overview:** This is a fix for an SSRF (Server-Side Request Forgery) path traversal vulnerability.

Poetry installer path traversal vulnerability fix (GHSA)
github.com · 2026-04-03

This webpage screenshot is a GitHub Pull Request (PR) page titled "Commits e659537" with the description "installer: fix path traversal (GHSA-...)". This indicates a commit that addresses a path trave…

CVSS 7.2
Fix SQL Injection in pug_user_getList via filter param (GHSA-53yq-c9jg-v3j2)
github.com · 2026-04-04

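### Vulnerability Key Information Summary **Vulnerability Overview** This commit fixes a **SQL injection vulnerability** in the `pug_user_getList` function. The vulnerability arises because the `filter` parameter is concatenated directly into the SQL query without sanitization, allowing an attacker to execute arbitrary SQL commands. **Affected Scope** - **File:** `includes/functions/pug_users.php` - **Function:** `pug_user_…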

CVSS 8.1
Tandoor Recipes v2.6.4 Release Notes: GHSA Fixes for CSS Injection and Privilege Escalation
github.com · 2026-04-07

### Vulnerability Key Information Summary **Vulnerability Overview** This page contains the release notes for version **v2.6.4** of the open-source recipe management application **Tandoor Recipes**. T…

GHSA-mmpq-5hcv-hf2v: Parse Server Login Timing Side-Channel User Enumeration
github.com · 2026-04-08

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **Vulnerability Name:** Login timing side-channel reveals user existence * **Security Advisory ID:** GHSA-mmpq-5hcv-hf2v * **V…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.