Please report security issues to developer@streamphp.com
Security: WWBN/AVideo
Security
.github/SECURITY.md
-
CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File WriteGHSA-5572-2jgx-fc7c published
Apr 1, 2026 by DanielnetoDotComModerate -
Unauthenticated Instagram Graph API Proxy via publishInstagram.json.phpGHSA-x9w5-xccw-5h9w published
Apr 1, 2026 by DanielnetoDotComModerate -
Stored XSS via Unescaped Menu Item Fields in TopMenu PluginGHSA-gmpc-fxg2-vcmq published
Mar 31, 2026 by DanielnetoDotComModerate -
Stored SSRF via Video EPG Link Missing isSSRFSafeURL() ValidationGHSA-x5vx-vrpf-r45f published
Mar 30, 2026 by DanielnetoDotComModerate -
Reflected XSS via Unescaped ip Parameter in User_Location testIP.phpGHSA-jqrj-chh6-8h78 published
Mar 30, 2026 by DanielnetoDotComModerate -
Video Publishing Workflow Bypass via Unauthorized overrideStatus Request ParameterGHSA-m577-w9j8-ch7j published
Mar 30, 2026 by DanielnetoDotComModerate -
Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() BugGHSA-38rh-4v39-vfxv published
Mar 30, 2026 by DanielnetoDotComModerate -
Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI GuardGHSA-wwpw-hrx8-79r5 published
Mar 30, 2026 by DanielnetoDotComModerate -
Missing Authentication in CreatePlugin list.json.php Template Affects 21 EndpointsGHSA-g2mg-cgr6-vmv7 published
Mar 30, 2026 by DanielnetoDotComModerate -
Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.phpGHSA-4jcg-jxpf-5vq3 published
Mar 30, 2026 by DanielnetoDotComHigh
Learn more about advisories related to WWBN/AVideo in the GitHub Advisory Database