GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,105 advisories
AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
Moderate | CVE-2026-35452 was published for wwbn/avideo (Composer) | Apr 4, 2026

AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php
Moderate | CVE-2026-35450 was published for wwbn/avideo (Composer) | Apr 4, 2026

AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php
Moderate | CVE-2026-35449 was published for wwbn/avideo (Composer) | Apr 4, 2026

AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.php
Moderate | CVE-2026-35181 was published for wwbn/avideo (Composer) | Apr 3, 2026

AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php
Moderate | CVE-2026-35179 was published for wwbn/avideo (Composer) | Apr 3, 2026

Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message
Moderate | CVE-2026-35545 was published for roundcube/roundcubemail (Composer) | Apr 3, 2026

Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message
Moderate | CVE-2026-35543 was published for roundcube/roundcubemail (Composer) | Apr 3, 2026

Roundcube: Bypass of remote image blocking via crafted BODY background attribute
Moderate | CVE-2026-35542 was published for roundcube/roundcubemail (Composer) | Apr 3, 2026

Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
Moderate | CVE-2026-35544 was published for roundcube/roundcubemail (Composer) | Apr 3, 2026

Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
Moderate | CVE-2026-35540 was published for roundcube/roundcubemail (Composer) | Apr 3, 2026

Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
Moderate | CVE-2026-35539 was published for roundcube/roundcubemail (Composer) | Apr 3, 2026

Roundcube Webmail: Incorrect password comparison in the password plugin
Moderate | CVE-2026-35541 was published for roundcube/roundcubemail (Composer) | Apr 3, 2026

phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
Moderate | CVE-2026-34974 was published for thorsten/phpmyfaq (Composer) | Apr 1, 2026

phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
Moderate | CVE-2026-34973 was published for thorsten/phpmyfaq (Composer) | Apr 1, 2026

AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin
Moderate | GHSA-gmpc-fxg2-vcmq was published for wwbn/avideo (Composer) | Apr 1, 2026

phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
Moderate | CVE-2026-34729 was published for phpmyfaq/phpmyfaq (Composer) | Apr 1, 2026

CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Moderate | CVE-2026-34562 was published for ci4-cms-erp/ci4ms (Composer) | Apr 1, 2026

CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Moderate | CVE-2026-34561 was published for ci4-cms-erp/ci4ms (Composer) | Apr 1, 2026

AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation
Moderate | CVE-2026-34740 was published for wwbn/avideo (Composer) | Apr 1, 2026

AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php
Moderate | CVE-2026-34739 was published for wwbn/avideo (Composer) | Apr 1, 2026

AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Moderate | CVE-2026-34738 was published for wwbn/avideo (Composer) | Apr 1, 2026

AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug
Moderate | CVE-2026-34737 was published for wwbn/avideo (Composer) | Apr 1, 2026

AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
Moderate | CVE-2026-34733 was published for wwbn/avideo (Composer) | Apr 1, 2026

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
Moderate | CVE-2026-34732 was published for wwbn/avideo (Composer) | Apr 1, 2026

AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification
Moderate | CVE-2026-34716 was published for wwbn/avideo (Composer) | Apr 1, 2026
ProTip! Advisories are also available from the GraphQL API.