GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
17 advisories
AVideo vulnerable to Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php
Moderate
CVE-2026-34395
was published
for
wwbn/avideo
(Composer)
Mar 31, 2026
AVideo has Stored XSS via Unescaped Plugin Configuration Values in Admin Panel
Moderate
CVE-2026-34396
was published
for
wwbn/avideo
(Composer)
Mar 31, 2026
AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users
Moderate
CVE-2026-34611
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins
Moderate
CVE-2026-34613
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification
Moderate
CVE-2026-34716
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
Moderate
CVE-2026-34732
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
Moderate
CVE-2026-34733
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug
Moderate
CVE-2026-34737
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Moderate
CVE-2026-34738
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php
Moderate
CVE-2026-34739
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation
Moderate
CVE-2026-34740
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin
Moderate
GHSA-gmpc-fxg2-vcmq
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php
Moderate
CVE-2026-35179
was published
for
wwbn/avideo
(Composer)
Apr 3, 2026
AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.php
Moderate
CVE-2026-35181
was published
for
wwbn/avideo
(Composer)
Apr 3, 2026
AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php
Moderate
CVE-2026-35449
was published
for
wwbn/avideo
(Composer)
Apr 4, 2026
AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php
Moderate
CVE-2026-35450
was published
for
wwbn/avideo
(Composer)
Apr 4, 2026
AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
Moderate
CVE-2026-35452
was published
for
wwbn/avideo
(Composer)
Apr 4, 2026
ProTip!
Advisories are also available from the
GraphQL API