PKSA-kyny-4znw-msn6 Security Advisory
-
[HIGH] AVideo has an incomplete fix of CVE-2026-33482: sanitizeFFmpegCommand still allows a single '&' (background operator), giving OS command execution at the same execAsync sh -c sink
PKSA-kyny-4znw-msn6 CVE-2026-55173 GHSA-wc3f-xc32-435f
Affected package: wwbn/avideo
Affected version: <=29.0
Reported by:
GitHub