yt-dlp
python · yt-dlpHeads-up
yt-dlp Cookie Leak Fix for Curl Downloader
yt-dlp fixed a vulnerability where cookies could be leaked to unintended hosts when using curl as an external downloader.
17 Jun 2026 · schedule it
python · yt-dlpCritical
yt-dlp Vulnerability Allows Arbitrary Shortcut File Write (CVE-2024-38519 Bypass)
A vulnerability in yt-dlp allows remote attackers to write arbitrary OS-shortcut files (.
17 Jun 2026 · act now
python · yt-dlpCritical
yt-dlp arbitrary file write via aria2c in fragmented manifests
yt-dlp versions prior to 2026.06.09 allow arbitrary file write via aria2c when downloading fragmented manifests (HLS/DASH). Attack
17 Jun 2026 · act now
python · yt-dlpCritical
yt-dlp --exec command injection via unsafe string formatting
yt-dlp's --exec option allowed arbitrary command injection through unsafe string formatting conversions (%()s, %()a, %()r, %()j, %
17 Jun 2026 · act now