Build software better, together

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Incomplete fix for CVE-2026-33500: XSS in AVideo
GHSA-m7r8-6q9j-m2hc published Apr 13, 2026 by DanielnetoDotCom

Moderate
Incomplete fix: Directory traversal bypass via query string in ReceiveImage downloadURL parameters
GHSA-m63r-m9jh-3vc6 published Apr 13, 2026 by DanielnetoDotCom

Moderate
Stored XSS via Unanchored Duration Regex in Video Encoder Receiver
GHSA-8pv3-29pp-pf8f published Apr 13, 2026 by DanielnetoDotCom

Moderate
SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL
GHSA-j432-4w3j-3w8j published Apr 13, 2026 by DanielnetoDotCom

High
Incomplete fix for CVE-2026-33293: Path Traversal in AVideo
GHSA-5879-4fmr-xwf2 published Apr 13, 2026 by DanielnetoDotCom

Moderate
CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) Exposes Authenticated API Responses
GHSA-ff5q-cc22-fgp4 published Apr 13, 2026 by DanielnetoDotCom

High
CORS Origin Reflection with Credentials on Sensitive API Endpoints Enables Cross-Origin Account Takeover
GHSA-ccq9-r5cw-5hwq published Apr 13, 2026 by DanielnetoDotCom

High
Incomplete fix for CVE-2026-33039: SSRF in AVideo
GHSA-793q-xgj6-7frp published Apr 13, 2026 by DanielnetoDotCom

Moderate
CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure
GHSA-hg7g-56h5-5pqr published Apr 13, 2026 by DanielnetoDotCom

Moderate
Missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators
GHSA-8qm8-g55h-xmqr published Apr 13, 2026 by DanielnetoDotCom

Moderate

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Reporting

Security Advisories

Security: WWBN/AVideo

Security Advisories