
Security Intel Hub 354 — Search: GHSA

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Premium intel
CVSS 8.8
PyLoad API Privilege Escalation via Unrestricted Config Modification (GHSA-4744-96p5-mp2j) Fix Analysis
github.com · 2026-04-08

### Vulnerability Summary **1. Vulnerability Overview** This commit addresses two security advisories (GHSA-4744-96p5-mp2j and GHSA-w48f-ww4f-f5fr) within the PyLoad project. The vulnerability allows …

CVSS 5.0
LobeHub Auth Bypass via XOR-obfuscated Header (GHSA-5m9j-5jsw-5c97) and Fix
github.com · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** This is an Authentication Bypass vulnerability. An attacker can bypass authentication by forging the `X-lobes-chat-auth` request he…

LibreNMS Remote Code Execution via Binary Path Manipulation (GHSA-pr3g-phhr-h8fh)
github.com · 2026-04-18

# LibreNMS Remote Code Execution Vulnerability (GHSA-pr3g-phhr-h8fh) ## Vulnerability Overview LibreNMS contains a remote code execution vulnerability. An attacker can modify the **binary path setting…

CVSS 5.1
ImageMagick GHSA-26qp-ffjh-2x4v Memory Allocation Error DoS Vulnerability and Fix Analysis
github.com · 2026-04-18

# ImageMagick Security Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: GHSA-26qp-ffjh-2x4v - **Vulnerability Type**: Memory Allocation Error - **Trigger Condition**: When proce…

Premium intel
CVSS 9.8
GHSA-526v-vm72-4vd4: Sail XWD Parser Invalid BPP Handling Vulnerability
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Type**: Improper handling of invalid bpp (bits per pixel) - **Vulnerability ID**: GHSA-526v-vm72-4vd4 - **Affected Components**: `src/sail-codecs/…

CVSS 8.2
Maddy LDAP Injection Fix GHSA-5835-4gvc-32pc
github.com · 2026-04-18

### Vulnerability Overview - **Vulnerability Name**: auth/ldap: Fix GHSA-5835-4gvc-32pc - **Vulnerability Description**: Add proper escaping when constructing LDAP search filter expressions. ### Impac…

Dataease GHSA-944x-93jf-h3rx Arbitrary File Read via JDBC Parameter Bypass and POC
github.com · 2026-04-18

# Arbitrary File Read Vulnerability ## Overview * **Vulnerability Type**: Arbitrary File Read * **Severity**: High * **Vulnerability ID**: GHSA-944x-93jf-h3rx * **Affected Component**: `io.dataease` (…

Premium intel
CVSS 9.8
Sail Library BPP48-CIE-LAB Format Handling Vulnerability (GHSA-rcqx-gc76-r9mv)
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Support for BPP48-CIE-LAB Report in GHSA-rcqx-gc76-r9mv - **Description**: This vulnerability involves support for the BPP48-CIE-LAB forma…

Chamilo LMS Stored XSS via Malicious File Upload (GHSA-273p-jw9w-3g22)
github.com · 2026-04-18

# Vulnerability Summary: Stored XSS Vulnerability in Chamilo LMS ## Overview - **Vulnerability Name**: Stored XSS via Malicious File Upload in Social Post Attachments Leading to Arbitrary JavaScript E…

CVSS 6.5
OpenProject Cross-Project Agenda Injection Vulnerability (GHSA-hh5p-gwfh-h245)
github.com · 2026-04-21

# OpenProject Cross-Project Meeting Agenda Injection Vulnerability (GHSA-hh5p-gwfh-h245) ## Vulnerability Overview OpenProject has an **Unscoped Section Lookup** vulnerability. An attacker with the `m…

CVSS 7.7
Tekton Pipelines git resolver API token leakage vulnerability (GHSA-2d5r-9pm-2w5c)
github.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: Git resolver API mode leaks system-configured API token to user-controlled serverURL - **Vulnerability Description**: In API mode, Tekton Pipelines…

CVSS 8.8
pyLoad Session Management Fix for GHSA-60hx-chf7-3332
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Type**: Improper User Session Management - **Impact**: When a user is modified/deleted or their password is changed, sessions are not properly inv…

Premium intel
CVSS 9.8
Pipecast LivekitFrameSerializer Pickle Deserialization RCE (GHSA-c3jg-5cp7-6wc7)
github.com · 2026-04-24

# Vulnerability Summary: Pipecast Remote Code Execution Vulnerability ## Overview * **Vulnerability Name**: Remote Code Execution (RCE) caused by Pickle deserialization via `LivekitFrameSerializer` * …

CVSS 2.2
SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) · Advisory · w
github.com · 2026-04-25

# SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) ## Vulnerability Overview At line 28 of the file `packages/integrations/cloudflare/src/utils…

CVSS 7.2
[Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qgx5 (CVE-2025-62718) — NO_PROXY Protection Bypassed via RFC 1122 Loopb
github.com · 2026-04-25

# Vulnerability Summary: Axios NO_PROXY Protection Bypass (CVE-2025-62718) ## 1. Vulnerability Overview * **Vulnerability Name**: [Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qqx5 (CVE-2025-62718)…

:lock: https://github.com/siyuan-note/siyuan/security/advisories/GHSA… · siyuan-note/siyuan@bb481e1 · GitHub
github.com · 2026-04-25

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a path traversal issue in the `kernel/server/server.go` file. An attacker can bypass sensitive file protection mechanisms …

Premium intel
CVSS 8.1
GHSA-rfxr-8xpm-wrp7: Fix XXE by removing LIBXML_NOENT/NONET options
github.com · 2026-05-07

### Vulnerability Overview - **Vulnerability Type**: Code Injection Vulnerability - **Vulnerability Description**: In the `system/import/xml.php` file, the `export()` function contains a code injectio…

Premium intel
CVSS 9.6
openclaw CDP relay exposes DevTools on 0.0.0.0 (GHSA-525j-hqq2-66r4)
github.com · 2026-05-07

# Vulnerability Summary: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0 ## Vulnerability Overview - **Title**: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0 …

CVSS 4.3
Incus GHSA-98vh-x9cx-9cfp Unbounded Binary Import Disk Exhaustion Vulnerability
github.com · 2026-05-07

# Vulnerability Summary: Unbounded binary import disk exhaustion (GHSA-98vh-x9cx-9cfp) ## Vulnerability Overview This is an **unbounded binary import disk exhaustion** vulnerability. * **Mechanism**: …

CVSS 7.4
Axios Prototype Pollution Leading to Request Hijacking (GHSA-q8qp-cvcw-x6jg)
github.com · 2026-05-08

### Vulnerability Overview - **Vulnerability Name**: Prototype Pollution leading to Header Injection and Request Hijacking - **CVE/Advisory ID**: GHSA-q8qp-cvcw-x6jg - **Description**: By injecting he…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
