HIGH8.8CVE-2026-26331yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option >= 2023.06.21, < 2026.02.21
HIGH8.3CVE-2024-22423yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581) >= 2021.04.11, < 2024.04.09
HIGH8.3CVE-2023-40581yt-dlp on Windows vulnerable to `--exec` command injection when using `%q` >= 2021.04.11, < 2023.09.24
HIGH7.8yt-dlp File system modification and RCE through improper file-extension sanitization
from 0, < 2024.07.01
MEDIUM6.1yt-dlp File Downloader cookie leak
from 0, < 2023.7.06
MEDIUM5.0yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
>= 2022.10.04, < 2023.11.14