Vulnerabilities in yt-dlp
10 results

| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2026-26331 | HIGH | yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option | 1.6% |
| CVE-2023-40581 | HIGH | yt-dlp command injection when using `%q` in `--exec` on Windows | 1.3% |
| CVE-2024-22423 | HIGH | yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows | 1.3% |
| CVE-2023-35934 | MEDIUM | yt-dlp File Downloader cookie leak | 0.9% |
| CVE-2025-54072 | HIGH | yt-dlp allows `--exec` command injection when using placeholder on Windows | 0.6% |
| CVE-2026-50023 | HIGH | yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519) | 0.5% |
| CVE-2026-50574 | HIGH | yt-dlp: Arbitrary code execution via manifest downloads with aria2c | 0.4% |
| CVE-2024-38519 | HIGH | yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization | 0.3% |
| CVE-2023-46121 | MEDIUM | Generic Extractor MITM Vulnerability in yt-dlp | 0.3% |
| CVE-2026-50019 | MEDIUM | yt-dlp: File Downloader cookie leak with curl | 0.3% |