Yt-dlp
This hub aggregates every CVE we track for Yt-dlp, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
1
Critical
7
High
0
In CISA KEV
Severity distribution
HIGH7MEDIUM3CRITICAL1
Monthly trend
1
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
1
0
0
0
3
2024-072026-06
Latest CVEs
The 11 most recently published vulnerabilities affecting Yt-dlp.
- CVE-2026-50019yt-dlp: File Downloader cookie leak with curl6.1
- CVE-2026-50574yt-dlp: Arbitrary code execution via manifest downloads with aria2c8.3
- CVE-2026-50023yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)8.3
- CVE-2026-26331yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option8.8
- CVE-2025-54072yt-dlp allows `--exec` command injection when using placeholder on Windows7.5
- CVE-2024-38519yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization7.8
- CVE-2024-3566Command injection vulnerability in programing languages on Microsoft Windows operating system.9.8
- CVE-2024-22423yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows8.3
- CVE-2023-46121Generic Extractor MITM Vulnerability in yt-dlp5.0
- CVE-2023-40581yt-dlp command injection when using `%q` in `--exec` on Windows8.3
- CVE-2023-35934yt-dlp File Downloader cookie leak6.1
Product normalization is registry-driven with AI assist and human review. How it works