32 matches found

OSV
added 2026/06/23 5:17 p.m. · 4 views

DEBIAN-CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

CVSS 9.6 · AI score 6 · EPSS 0.00555
Exploits: 1 · References: 1

NVD
added 2026/06/23 5:17 p.m. · 5 views

CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

CVSS 9.6 · EPSS 0.00406
Exploits: 0 · References: 1

NVD
added 2026/06/23 5:17 p.m. · 6 views

CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

CVSS 7.4 · EPSS 0.00268
Exploits: 0 · References: 1

Debian CVE
added 2026/06/23 4:9 p.m. · 6 views

CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

CVSS 9.6 · AI score 6.5 · EPSS 0.00406
Exploits: 0

Snyk
added 2026/06/16 9:13 p.m. · 8 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: yt-dlp is a youtube-dl fork with additional features and patches. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via insufficient sanitization of input passed to the aria2c external...

CVSS 9.6 · AI score 6.4 · EPSS 0.00406
Exploits: 0 · References: 2

SUSE CVE
added 2026/02/25 12:24 a.m. · 4 views

SUSE CVE-2026-26331

yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...

CVSS 8.8 · AI score 5.8 · EPSS 0.01596
Exploits: 2 · References: 3

NVD
added 2026/02/24 3:16 a.m. · 11 views

CVE-2026-26331

yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...

CVSS 8.8 · EPSS 0.01596
Exploits: 2 · References: 3

CNNVD
added 2026/02/24 12:0 a.m. · 9 views

yt-dlp operating system command injection vulnerability

yt-dlp is a branch of youtube-dl based on the now-deprecated youtube-dlc. Versions of yt-dlp from 2023.06.21 to 2026.02.21 had an operating system command injection vulnerability. This vulnerability occurred when using the --netrc-cmd command-line option, which might allow command injection,...

CVSS 8.8 · AI score 6.1 · EPSS 0.01596
Exploits: 2 · References: 3

Snyk
added 2026/02/23 10:13 p.m. · 3 views

Command Injection

Overview: yt-dlp is a youtube-dl fork with additional features and patches. Affected versions of this package are vulnerable to Command Injection in the --netrc-cmd option and netrccmd API parameter, which invoke subprocess.Popen with shell=True. The GetCourseRuIE, TeachableIE, and...

CVSS 8.8 · AI score 6.2 · EPSS 0.01596
Exploits: 2 · References: 2

vulnersOsv
added 2026/02/23 10:13 p.m. · 6 views

amusing-app (>=0.2.0 <=0.4.2), arbi-tr-frontend (>=0.1.0 <=0.1.1) +125 more potentially affected by CVE-2026-26331 via yt-dlp (>=2023.6.22 <=2026.1.31)

yt-dlp PYPI version =2023.6.22, =0.2.0, =0.1.0, =1.1.5, =0.1.7, =1.0.0, =1.0.0, =0.1.0, =2024.3.25, =1.1.1, =0.0.2, =0.1.16, =0.4.3, =0.4.4 - depthflow =0.9.0.dev1 and more Source cves: CVE-2026-26331 Source advisory: SNYK:PYTHON-YTDLP-15338139...

CVSS 8.8 · AI score 5.7 · EPSS 0.01596
Exploits: 2

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-2412

Malicious code in bioql PyPI...

CVSS 8.3 · AI score 7.8 · EPSS 0.01292
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-12460

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 8.2 · EPSS 0.00417
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/06 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-22423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by...

CVSS 9.8 · AI score 7.4 · EPSS 0.01292
Exploits: 2 · References: 2

Veracode
added 2025/08/01 11:57 a.m. · 4 views

Remote Code Execution (RCE)

yt-dlp is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the --exec placeholder on Windows, allowing crafted file paths to execute arbitrary commands...

CVSS 8.1 · AI score 8.4 · EPSS 0.00562
Exploits: 0 · References: 3 · Affected Software: 1

vulnersOsv
added 2025/07/22 10:43 p.m. · 6 views

batata-lib (>=0.1.7 <=0.1.8), boosty-downloader (>=1.0.0 <=3.0.0) +76 more potentially affected by CVE-2025-54072 via yt-dlp (>=2025.10.14 <=2025.6.9)

yt-dlp PYPI version =2025.10.14, =0.1.7, =1.0.0, =0.0.2, =0.1.16, =0.4.3, =0.0.2.2, =0.1.0, =3.2.0, =3.4.2 and more Source cves: CVE-2025-54072 Source advisory: SNYK:PYTHON-YTDLP-10878169...

CVSS 8.1 · AI score 5.8 · EPSS 0.00562
Exploits: 0

OSV
added 2025/07/22 9:34 p.m. · 4 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

CVSS 7.5 · AI score 8.5 · EPSS 0.00562
Exploits: 0 · References: 5

Positive Technologies
added 2025/07/21 12:0 a.m. · 3 views

PT-2025-30264 · Eslint +1 · @Eslint/Plugin-Kit +1

Name of the Vulnerable Software and Affected Versions: yt-dlp versions 2025.06.25 and below Description: yt-dlp is a command-line audio/video downloader. A flaw exists where, on Windows, using the --exec option with the default placeholder or results in insufficient sanitization of the expanded...

CVSS 8.3 · AI score 8.2 · EPSS 0.01254
Exploits: 1 · References: 12

RedhatCVE
added 2025/05/22 8:58 a.m. · 7 views

CVE-2019-9701

DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls...

CVSS 4.8 · AI score 5.8 · EPSS 0.01763
Exploits: 2 · References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-35934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak...

CVSS 8.2 · AI score 7.5 · EPSS 0.00902
Exploits: 0 · References: 3

BDU FSTEC
added 2024/07/12 12:0 a.m. · 4 views

The vulnerability of the yt-dlp download utility lies in its lack of measures to neutralize special elements used in the operating system’s command line, allowing a violator to execute arbitrary code.

The vulnerability of the YouTube-DLP download utility exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.3 · AI score 8.1 · EPSS 0.01254
Exploits: 1 · References: 8 · Affected Software: 1