All 7 CVE vulnerabilities found in yt-dlp, with AI-generated Chinese analysis, references, and POCs.
Vendor: yt-dlp
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26331 | yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option CWE-78 | 8.8 | High | 2026-02-24 |
| CVE-2025-54072 | yt-dlp allows `--exec` command injection when using placeholder on Windows CWE-78 | 7.5 | High | 2025-07-22 |
| CVE-2024-38519 | yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization CWE-669 | 7.8 | High | 2024-07-02 |
| CVE-2024-22423 | yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows CWE-78 | 8.4 | High | 2024-04-09 |
| CVE-2023-46121 | Generic Extractor MITM Vulnerability in yt-dlp CWE-444 | 5.0 | Medium | 2023-11-14 |
| CVE-2023-40581 | yt-dlp command injection when using `%q` in `--exec` on Windows CWE-78 | 8.4 | High | 2023-09-25 |
| CVE-2023-35934 | yt-dlp File Downloader cookie leak CWE-200 | 6.1 | Medium | 2023-07-06 |
All 7 known CVE vulnerabilities affecting yt-dlp with full Chinese analysis, references, and POCs where available.