Security Advisories · WWBN/AVideo · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
GHSA-mcj5-6qr4-95fj published Mar 19, 2026 by DanielnetoDotCom

Critical
Authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`
GHSA-4jw9-5hrc-m4j6 published Mar 19, 2026 by DanielnetoDotCom

High
IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php
GHSA-6547-8hrg-c55m published Mar 18, 2026 by DanielnetoDotCom

Moderate
Open Redirect via Unvalidated redirectUri in userLogin.php
GHSA-hj5h-5623-gwhw published Mar 18, 2026 by DanielnetoDotCom

Moderate
Stored XSS via Unescaped Video Title in CDN downloadButtons.php
GHSA-gc3m-4mcr-h3pv published Mar 18, 2026 by DanielnetoDotCom

High
Unauthenticated PGP Message Decryption via Public Endpoint
GHSA-5x2w-37xf-7962 published Mar 18, 2026 by DanielnetoDotCom

Moderate
OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command
GHSA-w5ff-2mjc-4phc published Mar 18, 2026 by DanielnetoDotCom

Moderate
Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter
GHSA-xmjm-86qv-g226 published Mar 18, 2026 by DanielnetoDotCom

High
SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network Resources
GHSA-66cw-h2mj-j39p published Mar 18, 2026 by DanielnetoDotCom

Moderate
Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos
GHSA-pw4v-x838-w5pg published Mar 18, 2026 by DanielnetoDotCom

High