Yt-dlp
This hub aggregates every CVE we track for Yt-dlp, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
1
Critical
6
High
0
In CISA KEV
Severity distribution
HIGH6MEDIUM3CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
3
0
2024-082026-07
Latest CVEs
The 10 most recently published vulnerabilities affecting Yt-dlp.
- CVE-2026-50019yt-dlp: File Downloader cookie leak with curl6.1
- CVE-2026-50574yt-dlp: Arbitrary code execution via manifest downloads with aria2c8.3
- CVE-2026-50023yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)8.3
- CVE-2025-54072yt-dlp allows `--exec` command injection when using placeholder on Windows7.5
- CVE-2024-38519yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization7.8
- CVE-2024-3566Command injection vulnerability in programing languages on Microsoft Windows operating system.9.8
- CVE-2024-22423yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows8.3
- CVE-2023-46121Generic Extractor MITM Vulnerability in yt-dlp5.0
- CVE-2023-40581yt-dlp command injection when using `%q` in `--exec` on Windows8.3
- CVE-2023-35934yt-dlp File Downloader cookie leak6.1
Product normalization is registry-driven with AI assist and human review. How it works