GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
22 advisories
Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Moderate
CVE-2026-29772
was published
for
@astrojs/node
(npm)
Mar 24, 2026
AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page
High
CVE-2026-34375
was published
for
wwbn/avideo
(Composer)
Mar 30, 2026
AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking
High
CVE-2026-34394
was published
for
wwbn/avideo
(Composer)
Mar 31, 2026
AVideo vulnerable to Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php
Moderate
CVE-2026-34395
was published
for
wwbn/avideo
(Composer)
Mar 31, 2026
AVideo has Stored XSS via Unescaped Plugin Configuration Values in Admin Panel
Moderate
CVE-2026-34396
was published
for
wwbn/avideo
(Composer)
Mar 31, 2026
AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users
Moderate
CVE-2026-34611
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins
Moderate
CVE-2026-34613
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification
Moderate
CVE-2026-34716
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php
High
CVE-2026-34731
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
Moderate
CVE-2026-34732
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
Moderate
CVE-2026-34733
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug
Moderate
CVE-2026-34737
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Moderate
CVE-2026-34738
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php
Moderate
CVE-2026-34739
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation
Moderate
CVE-2026-34740
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin
Moderate
GHSA-gmpc-fxg2-vcmq
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php
Moderate
CVE-2026-35179
was published
for
wwbn/avideo
(Composer)
Apr 3, 2026
AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.php
Moderate
CVE-2026-35181
was published
for
wwbn/avideo
(Composer)
Apr 3, 2026
AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php
Low
CVE-2026-35448
was published
for
wwbn/avideo
(Composer)
Apr 4, 2026
AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php
Moderate
CVE-2026-35449
was published
for
wwbn/avideo
(Composer)
Apr 4, 2026
AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php
Moderate
CVE-2026-35450
was published
for
wwbn/avideo
(Composer)
Apr 4, 2026
AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
Moderate
CVE-2026-35452
was published
for
wwbn/avideo
(Composer)
Apr 4, 2026
ProTip!
Advisories are also available from the
GraphQL API