GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
21 advisories
AVideo: Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal Tokens, and User Financial Records
High
GHSA-wprj-9cvc-5w37
was published
for
wwbn/avideo
(Composer)
Mar 29, 2026
AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized user_id Parameter
High
CVE-2026-33723
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment
High
CVE-2026-33719
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL
High
CVE-2026-33717
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name
High
CVE-2026-33681
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()
High
CVE-2026-33651
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion
High
CVE-2026-33650
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification
High
CVE-2026-33649
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path
High
CVE-2026-33648
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload
High
CVE-2026-33647
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload
High
CVE-2026-33507
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter
High
CVE-2026-33493
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin
High
CVE-2026-33488
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php
High
CVE-2026-33483
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()
High
CVE-2026-33482
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy
High
CVE-2026-33480
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
High
CVE-2026-33479
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter
High
CVE-2026-33293
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
AVideo has an Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos
High
CVE-2026-33292
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
High
CVE-2026-32813
was published
for
admidio/admidio
(Composer)
Mar 16, 2026
Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
High
CVE-2026-28425
was published
for
statamic/cms
(Composer)
Mar 1, 2026
ProTip!
Advisories are also available from the
GraphQL API