GHSA-gph2-j4c9-vhhr: WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

April 14, 2026

This advisory has been withdrawn.

References

github.com/WWBN/AVideo
github.com/WWBN/AVideo/commit/c08694bf6264eb4decceb78c711baee2609b4efd
github.com/WWBN/AVideo/security/advisories/GHSA-gph2-j4c9-vhhr
github.com/advisories/GHSA-gph2-j4c9-vhhr

Code Behaviors & Features

Detect and mitigate GHSA-gph2-j4c9-vhhr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →