CVE-2024-38519
- EPSS 0.03%
- Published 02.07.2024 14:15:13
- Last modified 21.11.2024 09:26:09
`yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (...
CVE-2024-3566
- EPSS 5.83%
- Published 10.04.2024 16:15:16
- Last modified 25.06.2025 20:24:12
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
CVE-2023-46121
- EPSS 0.08%
- Published 15.11.2023 00:15:09
- Last modified 21.11.2024 08:27:55
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HT...
CVE-2023-40581
- EPSS 3.57%
- Published 25.09.2023 19:15:09
- Last modified 21.11.2024 08:19:45
yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its ...
CVE-2023-35934
- EPSS 0.51%
- Published 06.07.2023 20:15:09
- Last modified 21.11.2024 08:09:00
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragme...