Browse all 7 CVE security advisories affecting yt-dlp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
yt-dlp is a command-line tool for downloading videos from YouTube and other platforms, used for media extraction and archival. Historically, it has been susceptible to multiple remote code execution vulnerabilities due to insecure subprocess handling and improper input validation, along with cross-site scripting issues through malicious URLs. Because the tool executes external commands and parses untrusted input, it is prone to privilege escalation when run with elevated permissions. While no major public security incidents have been widely documented, its seven CVE records highlight consistent risks in handling malformed URLs and external dependencies, so deployments require careful sandboxing and input sanitization.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26331 | yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option — yt-dlp, CWE-78 | 8.8 | High | 2026-02-24 |
| CVE-2025-54072 | yt-dlp allows `--exec` command injection when using placeholder on Windows — yt-dlp, CWE-78 | 7.5 | High | 2025-07-22 |
| CVE-2024-38519 | yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization — yt-dlp, CWE-669 | 7.8 | High | 2024-07-02 |
| CVE-2024-22423 | yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows — yt-dlp, CWE-78 | 8.4 | High | 2024-04-09 |
| CVE-2023-46121 | Generic Extractor MITM Vulnerability in yt-dlp — yt-dlp, CWE-444 | 5.0 | Medium | 2023-11-14 |
| CVE-2023-40581 | yt-dlp command injection when using `%q` in `--exec` on Windows — yt-dlp, CWE-78 | 8.4 | High | 2023-09-25 |
| CVE-2023-35934 | yt-dlp File Downloader cookie leak — yt-dlp, CWE-200 | 6.1 | Medium | 2023-07-06 |
This page lists every published CVE security advisory associated with yt-dlp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.