Pyload-ng Project Pyload-ng — known CVE vulnerabilities
Every CVE whose affected-product data names Pyload-ng Project Pyload-ng, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2026-33511 — CVSS 9.8 (critical): pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the local_check…
CVE-2025-54802 — CVSS 9.8 (critical): pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity…
CVE-2024-22416 — CVSS 9.6 (critical): pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET…
CVE-2026-35459 — CVSS 9.1 (critical): pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery…
CVE-2026-35463 — CVSS 8.8 (high): pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection…
CVE-2026-42313 — CVSS 8.3 (high): pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method…
CVE-2026-32808 — CVSS 8.1 (high): pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during…
CVE-2026-42315 — CVSS 8.1 (high): pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the…
CVE-2026-35187 — CVSS 7.7 (high): pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in…
CVE-2026-33509 — CVSS 7.5 (high): pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the…
CVE-2026-29778 — CVSS 7.1 (high): pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package()…
CVE-2026-42312 — CVSS 6.8 (medium): pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method…
CVE-2026-35586 — CVSS 6.8 (medium): pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set…
CVE-2026-33314 — CVSS 6.5 (medium): pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability…
CVE-2026-42314 — CVSS 6.5 (medium): pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using…
CVE-2023-0057 — CVSS 6.1 (medium): Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.
CVE-2026-35592 — CVSS 5.3 (medium): pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function in…
CVE-2026-40594 — CVSS 4.8 (medium): pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request…