GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
71 advisories
AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php
Moderate · CVE-2026-34739 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Moderate · CVE-2026-34738 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug
Moderate · CVE-2026-34737 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
Moderate · CVE-2026-34733 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
Moderate · CVE-2026-34732 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php
High · CVE-2026-34731 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification
Moderate · CVE-2026-34716 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins
Moderate · CVE-2026-34613 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users
Moderate · CVE-2026-34611 was published for wwbn/avideo (Composer) · Apr 1, 2026

AVideo has Stored XSS via Unescaped Plugin Configuration Values in Admin Panel
Moderate · CVE-2026-34396 was published for wwbn/avideo (Composer) · Mar 31, 2026

AVideo vulnerable to Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php
Moderate · CVE-2026-34395 was published for wwbn/avideo (Composer) · Mar 31, 2026

AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking
High · CVE-2026-34394 was published for wwbn/avideo (Composer) · Mar 31, 2026

AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page
High · CVE-2026-34375 was published for wwbn/avideo (Composer) · Mar 30, 2026

Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Moderate · CVE-2026-29772 was published for @astrojs/node (npm) · Mar 24, 2026

Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
Moderate · CVE-2026-30961 was published for github.com/forceu/gokapi (Go) · Mar 13, 2026

Gokapi vulnerable to DoS in E2E Metadata Parser
Moderate · CVE-2026-30955 was published for github.com/forceu/gokapi (Go) · Mar 13, 2026

Gokapi vulnerable to Privilege Escalation in File Replace
Moderate · CVE-2026-30943 was published for github.com/forceu/gokapi (Go) · Mar 13, 2026

Gokapi has CSRF in Login Endpoint
Moderate · CVE-2026-29084 was published for github.com/forceu/gokapi (Go) · Mar 5, 2026

Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
Moderate · CVE-2026-29061 was published for github.com/forceu/gokapi (Go) · Mar 5, 2026

Gokapi has Stored XSS in SVG Hotlinks
High · CVE-2026-28683 was published for github.com/forceu/gokapi (Go) · Mar 5, 2026

Gokapi has Data Leak in Upload Status Stream
Moderate · CVE-2026-28682 was published for github.com/forceu/gokapi (Go) · Mar 5, 2026

ProTip! Advisories are also available from the GraphQL API.