Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin Critical
GHSA-8whc-2wmv-ww35 was published for WWBN/AVideo (Composer) Jun 4, 2026
arkmarta Credited to arkmarta
WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Moderate
CVE-2026-50183 was published for WWBN/AVideo (Composer) Jun 4, 2026
arkmarta Credited to arkmarta
WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination Moderate
CVE-2026-50182 was published for WWBN/AVideo (Composer) Jun 4, 2026
arkmarta Credited to arkmarta
Strapi Upload Plugin MIME Validation Bypass via Content API Moderate
CVE-2026-22707 was published for @strapi/upload (npm) May 14, 2026
kaminuma Credited to kaminuma and arkmarta arkmarta arkmarta
Payload has an SQL Injection via Query Handling High
CVE-2026-34747 was published for payload (npm) Apr 1, 2026
hessandrew Credited to hessandrew and arkmarta arkmarta arkmarta
WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php Critical
CVE-2026-29058 was published for wwbn/avideo (Composer) Mar 3, 2026
arkmarta Credited to arkmarta
AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction Critical
CVE-2026-28502 was published for wwbn/avideo (Composer) Mar 2, 2026
arkmarta Credited to arkmarta
AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php Critical
CVE-2026-28501 was published for wwbn/avideo (Composer) Mar 2, 2026
arkmarta Credited to arkmarta
AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php High
CVE-2026-27732 was published for wwbn/avideo (Composer) Feb 25, 2026
arkmarta Credited to arkmarta
AVideo has Stored Cross-Site Scripting via Markdown Comment Injection Moderate
CVE-2026-27568 was published for wwbn/avideo (Composer) Feb 20, 2026
arkmarta Credited to arkmarta
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database