[CRITICAL] AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction

PKSA-p5zb-45dv-s5gy CVE-2026-28502 GHSA-v8jw-8w5p-23g3

Affected package: wwbn/avideo

Affected version: <21.0

Reported by:
GitHub