Pyload-ng

This hub aggregates every CVE we track for Pyload-ng, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Pyload-ng.

• CVE-2026-42315pyLoad: Path Traversal via Package Folder Name in set_package_data8.1May 11, 2026
• CVE-2026-42314pyLoad: Path Traversal via Package Folder Name6.5May 11, 2026
• CVE-2026-42312pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification6.8May 11, 2026
• CVE-2026-42313pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy8.3May 11, 2026
• CVE-2026-40594pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)4.8Apr 21, 2026
• CVE-2026-35592pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass5.3Apr 7, 2026
• CVE-2026-35586Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng6.8Apr 7, 2026
• CVE-2026-35463pyLoad has Improper Neutralization of Special Elements used in an OS Command8.8Apr 7, 2026
• CVE-2026-35459pyLoad has SSRF fix bypass via HTTP redirect9.1Apr 6, 2026
• CVE-2026-35187pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter7.7Apr 6, 2026
• CVE-2026-33511pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad9.8Mar 24, 2026
• CVE-2026-33509pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration7.5Mar 24, 2026
• CVE-2026-33314pyload-ng: Improper Authentication and Origin Validation Error6.5Mar 24, 2026
• CVE-2026-32808pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification8.1Mar 20, 2026
• CVE-2026-29778pyLoad: Arbitrary File Write via Path Traversal in edit_package()7.1Mar 7, 2026