Please report security issues to developer@streamphp.com
Security: WWBN/AVideo
Security
.github/SECURITY.md
-
Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.phpGHSA-99j6-hj87-6fcf published
Apr 2, 2026 by DanielnetoDotComModerate -
Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.phpGHSA-2vg4-rrx4-qcpq published
Apr 2, 2026 by DanielnetoDotComModerate -
Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.phpGHSA-hg8q-8wqr-35xx published
Apr 2, 2026 by DanielnetoDotComModerate -
Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.phpGHSA-3v7m-qg4x-58h9 published
Apr 2, 2026 by DanielnetoDotComLow -
CSRF on Player Skin Configuration via admin/playerUpdate.json.phpGHSA-4q27-4rrq-fx95 published
Apr 1, 2026 by DanielnetoDotComModerate -
CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File WriteGHSA-5572-2jgx-fc7c published
Apr 1, 2026 by DanielnetoDotComModerate -
Unauthenticated Instagram Graph API Proxy via publishInstagram.json.phpGHSA-x9w5-xccw-5h9w published
Apr 1, 2026 by DanielnetoDotComModerate -
Stored XSS via Unescaped Menu Item Fields in TopMenu PluginGHSA-gmpc-fxg2-vcmq published
Mar 31, 2026 by DanielnetoDotComModerate -
Stored SSRF via Video EPG Link Missing isSSRFSafeURL() ValidationGHSA-x5vx-vrpf-r45f published
Mar 30, 2026 by DanielnetoDotComModerate -
Reflected XSS via Unescaped ip Parameter in User_Location testIP.phpGHSA-jqrj-chh6-8h78 published
Mar 30, 2026 by DanielnetoDotComModerate
Learn more about advisories related to WWBN/AVideo in the GitHub Advisory Database