Browse all 7 CVE security advisories affecting yt-dlp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26331 | yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option — yt-dlpCWE-78 | 8.8 | High | 2026-02-24 |
| CVE-2025-54072 | yt-dlp allows `--exec` command injection when using placeholder on Windows — yt-dlpCWE-78 | 7.5 | High | 2025-07-22 |
| CVE-2024-38519 | yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization — yt-dlpCWE-669 | 7.8 | High | 2024-07-02 |
| CVE-2024-22423 | yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows — yt-dlpCWE-78 | 8.4 | High | 2024-04-09 |
| CVE-2023-46121 | Generic Extractor MITM Vulnerability in yt-dlp — yt-dlpCWE-444 | 5.0 | Medium | 2023-11-14 |
| CVE-2023-40581 | yt-dlp command injection when using `%q` in `--exec` on Windows — yt-dlpCWE-78 | 8.4 | High | 2023-09-25 |
| CVE-2023-35934 | yt-dlp File Downloader cookie leak — yt-dlpCWE-200 | 6.1 | Medium | 2023-07-06 |
This page lists every published CVE security advisory associated with yt-dlp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.