
48 matches found

Fedora
added 2026/03/05 5:6 p.m. · 9 views

[SECURITY] Fedora 44 Update: yt-dlp-2026.02.21-1.fc44

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits 2

Fedora
added 2026/02/25 12:53 a.m. · 6 views

[SECURITY] Fedora 43 Update: yt-dlp-2026.02.21-1.fc43

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits 2

CVE
added 2025/10/07 12:0 a.m. · 10 views

CVE-2025-62185

In Ankitects Anki prior to 25.02.5, a crafted shared deck can place a YouTube downloader executable (names include youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe) in the media folder. This executable can be run when a YouTube link is present in the deck, enabling potential arbitrary code execution...

7.8 CVSS · 6.4 AI score · 0.00013 EPSS
Exploits 0 · References 3 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-1216

Malicious code in bioql PyPI...

8.3 CVSS · 8.1 AI score · 0.06497 EPSS
Exploits 1 · References 9

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-29361

Malicious code in bioql PyPI...

7.8 CVSS · 7.4 AI score · 0.00045 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2025/06/16 12:0 a.m. · 6 views

TencentOS Server 4: youtube-dl (TSSA-2025:0179)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0179 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8 CVSS · 6 AI score · 0.00045 EPSS
Exploits 0 · References 2

vulnersOsv
added 2025/04/18 8:24 p.m. · 5 views

aij (>=1.0.14 <=1.2.10), aiotube (>=1.2.0 <=1.2.2) +357 more potentially affected by unknown CVE via youtube-dl (>=2015.9.22 <=2021.6.6)

youtube-dl PYPI version =2015.9.22, =1.0.14, =1.2.0, =0.0.1, =1.3.0, =0.1.0, =0.0.4, =0.0.1b1, =2.1.2, =0.4.6, =1.0.3, =0.0.2, =0.0.3 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-YOUTUBEDL-10116724...

5.5 AI score
Exploits 0

Github Security Blog
added 2025/04/18 8:24 p.m. · 20 views

youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

Description: This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project. Vulnerability: youtube-dl does not limit the extensions of downloaded files, which could lead to arbitrary filename...

7.8 CVSS · 7.2 AI score · 0.00045 EPSS
Exploits 0 · References 7 · Affected Software 1

Tenable Nessus
added 2025/03/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-38519

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded...

7.8 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 3

SUSE CVE
added 2025/02/14 4:53 a.m. · 3 views

SUSE CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

7.8 CVSS · 6.9 AI score · 0.00045 EPSS
Exploits 0 · References 3

Gentoo Linux
added 2024/09/28 12:0 a.m. · 25 views

yt-dlp: Multiple Vulnerabilities

Background: yt-dlp is a youtube-dl fork with additional features and fixes. Description: Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known...

8.2 CVSS · 7.6 AI score · 0.00689 EPSS
Exploits 0

Fedora
added 2024/07/07 3:21 a.m. · 29 views

[SECURITY] Fedora 40 Update: yt-dlp-2024.07.02-1.fc40

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

7.8 CVSS · 6.9 AI score · 0.00045 EPSS
Exploits 0

Vulnrichment
added 2024/07/02 1:47 p.m. · 22 views

CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

7.8 CVSS · 7.6 AI score · 0.00045 EPSS
Exploits 0 · References 8

OSV
added 2024/07/02 1:47 p.m. · 15 views

CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

7.8 CVSS · 7.5 AI score · 0.00045 EPSS
Exploits 0 · References 11

Positive Technologies
added 2024/04/15 12:0 a.m. · 5 views

PT-2024-27730 · A+Hrd +1

Name of the Vulnerable Software and Affected Versions: a+HRD (affected versions not specified). Description: The issue concerns the functionality for downloading files using youtube-dl.exe in a+HRD, which does not properly restrict user input. This allows attackers to pass arbitrary arguments to...

7.5 CVSS · 6.8 AI score · 0.00093 EPSS
Exploits 0 · References 3

NVD
added 2024/04/09 6:15 p.m. · 24 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8 CVSS · 8 AI score · 0.06497 EPSS
Exploits 1 · References 7

AlpineLinux
added 2024/04/09 5:22 p.m. · 48 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8 CVSS · 8.1 AI score · 0.06497 EPSS
Exploits 1

CNNVD
added 2024/04/09 12:0 a.m. · 4 views

yt-dlp security vulnerability

yt-dlp is based on the youtube-dl branch of the now inactive youtube-dlc. A security vulnerability exists in yt-dlp that stems from not properly escaping special characters, resulting in a remote code execution vulnerability...

8.3 CVSS · 8.4 AI score · 0.06497 EPSS
Exploits 1 · References 7

CVE
added 2023/11/14 11:31 p.m. · 65 views

CVE-2023-46121

CVE-2023-46121 – yt-dlp Generic Extractor MitM vulnerability affects the yt-dlp project (a fork of youtube-dl) where the Generic Extractor could be fed an arbitrary proxy via a crafted URL, enabling a man-in-the-middle on the HTTP session and potential cookie exfiltration. Technical details acros...

5 CVSS · 4.9 AI score · 0.00095 EPSS
Exploits 0 · References 3 · Affected Software 1

OpenVAS
added 2023/08/26 12:0 a.m. · 18 views

Fedora: Security Advisory for youtube-dl (FEDORA-2023-1f11546a48)

The remote host is missing an update for the...

8.2 CVSS · 8.3 AI score · 0.00689 EPSS
Exploits 0 · References 2