Security: givanz/Vvveb
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Server-side request forgery in Vvveb via IPv6 bypass of validateUrl() in editor oEmbed proxyGHSA-r6g4-5m3x-xrqj published
Jun 11, 2026 by givanzHigh -
Stored XSS in Vvveb via sanitizeHTML() filter bypass using a quoted greater-than characterGHSA-97xr-82vc-wj2v published
Jun 11, 2026 by givanzHigh -
Path traversal in Vvveb via sanitizeFileName() bypass enables arbitrary file read and delete through backup toolsGHSA-327v-4f9p-5qxq published
Jun 11, 2026 by givanzHigh -
Authenticated editor path traversal to PHP file write/RCE via data-v-save-globalGHSA-c3v9-3xrq-pvqv published
Jun 7, 2026 by givanzHigh -
Path Traversal in Revision Backup Reader/Deleter via Unsanitized theme ParameterGHSA-gjxp-vrcw-69v8 published
Jun 7, 2026 by givanzModerate -
Stored XSS via sanitizeHTML() bypass in user profile bio fieldGHSA-5cg7-phhv-4qjr published
Jun 7, 2026 by givanzHigh -
Server-Side Request Forgery (SSRF) in Vvveb via oEmbedProxyGHSA-xxp7-59p2-4jr8 published
Jun 7, 2026 by givanzHigh -
Vvveb digital asset authorization bypass allows Vendors to list, read, edit, or delete other Vendors' digital assetsGHSA-chpc-xj4m-9g3j published
May 28, 2026 by givanzHigh -
Vvveb product question authorization bypass allows Vendors to read, approve, edit, or delete questions under other Vendors' productsGHSA-cjhq-xqq3-6xv8 published
May 28, 2026 by givanzHigh -
Vvveb product review authorization bypass allows Vendors to read, approve, edit, or delete reviews under other Vendors' productsGHSA-cj37-c5m2-3jmc published
May 28, 2026 by givanzHigh
Learn more about advisories related to givanz/Vvveb in the GitHub Advisory Database