[MEDIUM] AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug

PKSA-jw1r-58j1-stm1 CVE-2026-34737 GHSA-38rh-4v39-vfxv

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub