SecLens Intelligence Center

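Cybersecurity news, all in one place. Aggregates authoritative vulnerability advisories and industry news, combined with grouped browsing, smart filtering, RSS subscriptions and Webhook push, to broaden your security intelligence view across multiple channels.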

Community Intelligence

Intelligence from the security community, research institutions and the open-source ecosystem.

  • npm/@angular/platform-server: @angular/platform-server: SSRF via Hostname Hijacking

    Published: 2026-05-20 04:29 (UTC+08:00) | Fetched: 2026-05-20 09:45 (UTC+08:00)

    Severity: HIGH | CVE: CVE-2026-46417 | Package: npm/@angular/platform-server | Affected: >= 22.0.0-next.0, < 22.0.0-next.12 | Patched: 22.0.0-next.12

    Extended fields
    {
      "credits": [
        {
          "login": "alan-agius4",
          "type": "remediation_developer"
        },
        {
          "login": "AndrewKushnir",
          "type": "remediation_reviewer"
        },
        {
          "login": "VenkatKwest",
          "type": "finder"
        },
        {
          "login": "dgp1130",
          "type": "remediation_reviewer"
        }
      ],
      "cve_id": "CVE-2026-46417",
      "cwe_ids": [
        "CWE-918"
      ],
      "cwe_names": [
        "Server-Side Request Forgery (SSRF)"
      ],
      "ghsa_id": "GHSA-rfh7-fxqc-q52v",
      "package": {
        "ecosystem": "npm",
        "name": "@angular/platform-server",
        "patched_version": "22.0.0-next.12",
        "vulnerable_range": ">= 22.0.0-next.0, < 22.0.0-next.12"
      },
      "references": [
        "https://github.com/angular/angular/security/advisories/GHSA-rfh7-fxqc-q52v",
        "https://github.com/angular/angular/pull/68570",
        "https://github.com/advisories/GHSA-rfh7-fxqc-q52v"
      ],
      "source_code_location": "https://github.com/angular/angular",
      "updated_at": "2026-05-19T20:29:53Z"
    }
    GitHub Advisory ecosystem:npm severity:high type:reviewed cve github_advisory official_bulletin package_vulnerability
  • go/pkg.jsn.cam/caddy-defender: Caddy Defender trusted proxy client IP bypass

    Published: 2026-05-20 04:29 (UTC+08:00) | Fetched: 2026-05-20 09:45 (UTC+08:00)

    Severity: HIGH | CVSS: 8.2 | CVE: CVE-2026-46415 | Package: go/pkg.jsn.cam/caddy-defender | Affected: < 0.10.1 | Patched: 0.10.1

    Extended fields
    {
      "credits": [
        {
          "login": "JasonLovesDoggo",
          "type": "finder"
        }
      ],
      "cve_id": "CVE-2026-46415",
      "cvss_score": 8.2,
      "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "cwe_ids": [
        "CWE-284",
        "CWE-348"
      ],
      "cwe_names": [
        "Improper Access Control",
        "Use of Less Trusted Source"
      ],
      "ghsa_id": "GHSA-3h23-rrpc-3p87",
      "package": {
        "ecosystem": "go",
        "name": "pkg.jsn.cam/caddy-defender",
        "patched_version": "0.10.1",
        "vulnerable_range": "< 0.10.1"
      },
      "references": [
        "https://github.com/JasonLovesDoggo/caddy-defender/security/advisories/GHSA-3h23-rrpc-3p87",
        "https://github.com/JasonLovesDoggo/caddy-defender/pull/139",
        "https://github.com/advisories/GHSA-3h23-rrpc-3p87"
      ],
      "source_code_location": "https://github.com/JasonLovesDoggo/caddy-defender",
      "updated_at": "2026-05-19T20:29:18Z"
    }
    GitHub Advisory ecosystem:go severity:high type:reviewed cve github_advisory official_bulletin package_vulnerability
  • npm/@beproduct/nestjs-auth: Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm

    Published: 2026-05-20 04:28 (UTC+08:00) | Fetched: 2026-05-20 09:45 (UTC+08:00)

    Severity: CRITICAL | CVSS: 10.0 | CVE: CVE-2026-46412 | Package: npm/@beproduct/nestjs-auth | Affected: >= 0.1.2, <= 0.1.19

    Extended fields
    {
      "cve_id": "CVE-2026-46412",
      "cvss_score": 10.0,
      "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "cwe_ids": [
        "CWE-506"
      ],
      "cwe_names": [
        "Embedded Malicious Code"
      ],
      "ghsa_id": "GHSA-6xwp-cp5h-q856",
      "package": {
        "ecosystem": "npm",
        "name": "@beproduct/nestjs-auth",
        "patched_version": null,
        "vulnerable_range": ">= 0.1.2, <= 0.1.19"
      },
      "references": [
        "https://github.com/BeProduct/beproduct-org-nestjs-auth/security/advisories/GHSA-6xwp-cp5h-q856",
        "https://www.aikido.dev/blog/checklist-github-actions",
        "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
        "https://github.com/advisories/GHSA-6xwp-cp5h-q856"
      ],
      "source_code_location": "https://github.com/BeProduct/beproduct-org-nestjs-auth",
      "updated_at": "2026-05-19T20:28:08Z"
    }
    GitHub Advisory ecosystem:npm severity:critical type:reviewed cve github_advisory official_bulletin package_vulnerability
  • go/github.com/gtsteffaniak/filebrowser/backend: FileBrowser Quantum: unauthenticated user share share info

    Published: 2026-05-20 04:14 (UTC+08:00) | Fetched: 2026-05-20 09:45 (UTC+08:00)

    Severity: HIGH | CVE: CVE-2026-46410 | Package: go/github.com/gtsteffaniak/filebrowser/backend | Affected: < 0.0.0-20260514154726-1802e1281135 | Patched: 0.0.0-20260514154726-1802e1281135

    Extended fields
    {
      "cve_id": "CVE-2026-46410",
      "cwe_ids": [
        "CWE-200"
      ],
      "cwe_names": [
        "Exposure of Sensitive Information to an Unauthorized Actor"
      ],
      "ghsa_id": "GHSA-3jmg-p96m-m328",
      "package": {
        "ecosystem": "go",
        "name": "github.com/gtsteffaniak/filebrowser/backend",
        "patched_version": "0.0.0-20260514154726-1802e1281135",
        "vulnerable_range": "< 0.0.0-20260514154726-1802e1281135"
      },
      "references": [
        "https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-3jmg-p96m-m328",
        "https://github.com/gtsteffaniak/filebrowser/commit/1802e1281135cba83eb4acd86b58293fe121e2a5",
        "https://github.com/advisories/GHSA-3jmg-p96m-m328"
      ],
      "source_code_location": "https://github.com/gtsteffaniak/filebrowser",
      "updated_at": "2026-05-19T20:14:12Z"
    }
    GitHub Advisory ecosystem:go severity:high type:reviewed cve github_advisory official_bulletin package_vulnerability
  • npm/camofox-mcp: CamoFox MCP: Unauthenticated HTTP MCP browser-control surface

    Published: 2026-05-20 04:13 (UTC+08:00) | Fetched: 2026-05-20 09:45 (UTC+08:00)

    Severity: HIGH | Package: npm/camofox-mcp | Affected: < 1.13.2 | Patched: 1.13.2

    Extended fields
    {
      "cwe_ids": [
        "CWE-306"
      ],
      "cwe_names": [
        "Missing Authentication for Critical Function"
      ],
      "ghsa_id": "GHSA-7hgr-7h44-33w2",
      "package": {
        "ecosystem": "npm",
        "name": "camofox-mcp",
        "patched_version": "1.13.2",
        "vulnerable_range": "< 1.13.2"
      },
      "references": [
        "https://github.com/redf0x1/camofox-mcp/security/advisories/GHSA-7hgr-7h44-33w2",
        "https://github.com/redf0x1/camofox-mcp/commit/599f56ee40f8062aeca541c251ed1d39fb437f50",
        "https://github.com/advisories/GHSA-7hgr-7h44-33w2"
      ],
      "source_code_location": "https://github.com/redf0x1/camofox-mcp",
      "updated_at": "2026-05-19T20:13:37Z"
    }
    GitHub Advisory ecosystem:npm severity:high type:reviewed github_advisory official_bulletin package_vulnerability
  • pip/sqlfluff: SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser

    Published: 2026-05-20 04:10 (UTC+08:00) | Fetched: 2026-05-20 09:45 (UTC+08:00)

    Severity: HIGH | CVSS: 7.5 | CVE: CVE-2026-46374 | Package: pip/sqlfluff | Affected: < 4.2.0 | Patched: 4.2.0

    Extended fields
    {
      "cve_id": "CVE-2026-46374",
      "cvss_score": 7.5,
      "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "cwe_ids": [
        "CWE-400"
      ],
      "cwe_names": [
        "Uncontrolled Resource Consumption"
      ],
      "ghsa_id": "GHSA-73jc-5mrq-prw7",
      "package": {
        "ecosystem": "pip",
        "name": "sqlfluff",
        "patched_version": "4.2.0",
        "vulnerable_range": "< 4.2.0"
      },
      "references": [
        "https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-73jc-5mrq-prw7",
        "https://github.com/advisories/GHSA-73jc-5mrq-prw7"
      ],
      "source_code_location": "https://github.com/sqlfluff/sqlfluff",
      "updated_at": "2026-05-19T20:10:54Z"
    }
    GitHub Advisory ecosystem:pip severity:high type:reviewed cve github_advisory official_bulletin package_vulnerability
  • pip/sqlfluff: SQLFluff: Recursive Stack Overflow in Parser

    Published: 2026-05-20 04:10 (UTC+08:00) | Fetched: 2026-05-20 09:45 (UTC+08:00)

    Severity: HIGH | CVSS: 7.5 | CVE: CVE-2026-46373 | Package: pip/sqlfluff | Affected: < 4.1.0 | Patched: 4.1.0

    Extended fields
    {
      "cve_id": "CVE-2026-46373",
      "cvss_score": 7.5,
      "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "cwe_ids": [
        "CWE-674"
      ],
      "cwe_names": [
        "Uncontrolled Recursion"
      ],
      "ghsa_id": "GHSA-wmhf-fqc8-vxhh",
      "package": {
        "ecosystem": "pip",
        "name": "sqlfluff",
        "patched_version": "4.1.0",
        "vulnerable_range": "< 4.1.0"
      },
      "references": [
        "https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-wmhf-fqc8-vxhh",
        "https://github.com/advisories/GHSA-wmhf-fqc8-vxhh"
      ],
      "source_code_location": "https://github.com/sqlfluff/sqlfluff",
      "updated_at": "2026-05-19T20:10:19Z"
    }
    GitHub Advisory ecosystem:pip severity:high type:reviewed cve github_advisory official_bulletin package_vulnerability
  • npm/sillytavern: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

    Published: 2026-05-20 04:09 (UTC+08:00) | Fetched: 2026-05-20 09:45 (UTC+08:00)

    Severity: HIGH | CVSS: 8.5 | CVE: CVE-2026-46372 | Package: npm/sillytavern | Affected: <= 1.17.0 | Patched: 1.18.0

    Extended fields
    {
      "cve_id": "CVE-2026-46372",
      "cvss_score": 8.5,
      "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "cwe_ids": [
        "CWE-918"
      ],
      "cwe_names": [
        "Server-Side Request Forgery (SSRF)"
      ],
      "ghsa_id": "GHSA-qg89-qwwh-5f3j",
      "package": {
        "ecosystem": "npm",
        "name": "sillytavern",
        "patched_version": "1.18.0",
        "vulnerable_range": "<= 1.17.0"
      },
      "references": [
        "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-qg89-qwwh-5f3j",
        "https://github.com/advisories/GHSA-qg89-qwwh-5f3j"
      ],
      "source_code_location": "https://github.com/SillyTavern/SillyTavern",
      "updated_at": "2026-05-19T20:09:52Z"
    }
    GitHub Advisory ecosystem:npm severity:high type:reviewed cve github_advisory official_bulletin package_vulnerability