Pyload — Vulnerabilities & Security Advisories (37)

Browse all 37 CVE security advisories affecting Pyload. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pyload is an open-source download manager and automation tool designed to facilitate the collection of files from various hosting services. Its architecture, which often involves executing user-supplied scripts and managing complex file interactions, has historically exposed it to significant security risks. Analysis of its thirty-seven recorded Common Vulnerabilities and Exposures reveals a pattern of critical flaws, primarily involving Remote Code Execution (RCE) and Cross-Site Scripting (XSS). These vulnerabilities frequently stem from insufficient input validation and improper handling of uploaded content, allowing attackers to escalate privileges or inject malicious payloads. Notable incidents highlight the severity of these issues, with several CVEs enabling full system compromise through simple configuration changes or file uploads. The software’s reliance on Python-based execution engines further amplifies the risk, as many exploits leverage deserialization flaws or command injection vectors. Consequently, users must apply strict security hardening and regular updates to mitigate these persistent threats inherent in its design.

Top products by Pyload: pyload pyload/pyload
Medium · GHSA-60hx-chf7-3332 · 2026-04-22
invalidate user session on user modify/delete/password change (fixes … · pyload/pyload@e95804f · GitHub

High · CVE-2026-4133 · 2026-04-22
Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) · Advisory · pyload/pyload · GitHub

High · 2026-04-10
WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions · Advisory · pyload/pyload · GitHub

High · GHSA-4744-96p5-mp2j · 2026-04-08
fix GHSA-4744-96p5-mp2j and GHSA-w48f-wwwf-f5fr security advisories · pyload/pyload@c4cf995 · GitHub

High · CVE-2026-35483 · 2026-04-08
Improper Neutralization of Special Elements used in an OS Command · Advisory · pyload/pyload · GitHub

High · GHSA-7q4m-8hv2-4qh3 · 2026-04-08
Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass · Advisory · pyload/pyload ·

High · CVE-2026-33509 · 2026-04-08
Incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and co

High · GHSA-7gvf-3w72-p2pg · 2026-04-07
fix GHSA-7gvf-3w72-p2pg security advisory · pyload/pyload@33c55da · GitHub

High · CVE-2026-33992 · 2026-04-07
SSRF fix bypass via HTTP redirect: CVE-2026-33992 filter validates only initial URL, pycurl follows redirects to interna

High · CVE-2025-61773 · 2025-10-10
pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters · Advisory · pyload/pyload · GitHub

High · CVE-2025-57751 · 2025-08-23
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs · Advisory · pyload/pyload · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with Pyload. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.