2 matches found
CVE-2026-40491
gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...
accutuning-helpers (>=1.0.32 <=1.0.33), adaptnlp (>=0.3.0 <=0.3.7) +239 more potentially affected by CVE-2026-40491 via gdown (>=3.11.0 <=5.2.1)
gdown PYPI version =3.11.0, =1.0.32, =0.3.0, =0.0.0, =0.2.0, =0.0.2, =1.14.0, =0.4.0, =0.1.1, =0.0.1, =1.2.14 and more Source cves: CVE-2026-40491 Source advisory: OSV:GHSA-76HW-P97H-883F...