Every CVE whose affected-product data names Yt-dlp Project Yt-dlp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2024-3566 — CVSS 9.8 (critical): A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the…
CVE-2026-26331 — CVSS 8.8 (high): yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's…
CVE-2023-40581 — CVSS 8.3 (high): yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at…
CVE-2026-50574 — CVSS 8.3 (high): yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest…
CVE-2024-22423 — CVSS 8.3 (high): yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using…
CVE-2026-50023 — CVSS 8.3 (high): yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to…
CVE-2025-54072 — CVSS 7.5 (high): yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows…
CVE-2026-50019 — CVSS 6.1 (medium): yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp…
CVE-2023-35934 — CVSS 6.1 (medium): yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp…
CVE-2023-46121 — CVSS 5.0 (medium): yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an…