Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/yt-dlp@2023.7.6
Type pypi
Namespace
Name yt-dlp
Version 2023.7.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2026.2.21
Latest_non_vulnerable_version 2026.2.21
Affected_by_vulnerabilities
0
url VCID-65md-pf4e-jqgx
vulnerability_id VCID-65md-pf4e-jqgx
summary
`yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` and `youtube-dl` also read config from the working directory (and on Windows executables will be executed from the `yt-dlp` or `youtube-dl` directory), this could lead to arbitrary code being executed.

`yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions. `youtube-dl` fixes this issue in commit `d42a222` on the `master` branch and in nightly builds tagged 2024-07-03 or later. As a result, some very uncommon extensions might not get downloaded; however, this also limits the possible exploitation surface. In addition to upgrading, have `.%(ext)s` at the end of the output template and make sure the user trusts the websites that they are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like one's user directory, `system32`, or other binaries locations. For users who are not able to upgrade, keep the default output template (`-o "%(title)s [%(id)s].%(ext)s"`); make sure the extension of the media to download is a common video/audio/sub/... one; try to avoid the generic extractor; and/or use `--ignore-config --config-location ...` to not load config from common locations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38519
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14237
published_at 2026-06-11T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14331
published_at 2026-06-14T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14357
published_at 2026-06-13T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14356
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38519
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38519
2
reference_url https://github.com/yt-dlp/yt-dlp
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp
3
reference_url https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079502
reference_id 1079502
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079502
5
reference_url https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01
reference_id 2024.07.01
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T15:17:37Z/
url https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01
6
reference_url https://github.com/ytdl-org/youtube-dl/pull/32830
reference_id 32830
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T15:17:37Z/
url https://github.com/ytdl-org/youtube-dl/pull/32830
7
reference_url https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a
reference_id 5ce582448ececb8d9c30c8c31f58330090ced03a
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T15:17:37Z/
url https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38519
reference_id CVE-2024-38519
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38519
9
reference_url https://github.com/ytdl-org/youtube-dl/commit/d42a222ed541b96649396ef00e19552aef0f09ec
reference_id d42a222ed541b96649396ef00e19552aef0f09ec
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T15:17:37Z/
url https://github.com/ytdl-org/youtube-dl/commit/d42a222ed541b96649396ef00e19552aef0f09ec
10
reference_url https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq
reference_id GHSA-22fp-mf44-f2mq
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T15:17:37Z/
url https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq
11
reference_url https://github.com/advisories/GHSA-79w7-vh3h-8g4j
reference_id GHSA-79w7-vh3h-8g4j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-79w7-vh3h-8g4j
12
reference_url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
reference_id GHSA-79w7-vh3h-8g4j
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T15:17:37Z/
url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
13
reference_url https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl/
reference_id GHSL-2024-089_youtube-dl
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T15:17:37Z/
url https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl/
14
reference_url https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp
reference_id GHSL-2024-090_yt-dlp
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-02T15:17:37Z/
url https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp
15
reference_url https://security.gentoo.org/glsa/202409-30
reference_id GLSA-202409-30
reference_type
scores
url https://security.gentoo.org/glsa/202409-30
fixed_packages
0
url pkg:pypi/yt-dlp@2024.7.1
purl pkg:pypi/yt-dlp@2024.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dbrg-uvxj-qqdz
1
vulnerability VCID-nj93-7bj7-bqbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/yt-dlp@2024.7.1
aliases CVE-2024-38519, GHSA-79w7-vh3h-8g4j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65md-pf4e-jqgx
1
url VCID-9cc8-rqk4-uqh8
vulnerability_id VCID-9cc8-rqk4-uqh8
summary yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Generic extractor (or only pass trusted sites with trusted content) and take caution when using `--no-check-certificate`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46121
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26546
published_at 2026-06-14T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26342
published_at 2026-06-11T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.26559
published_at 2026-06-13T12:55:00Z
3
value 0.00095
scoring_system epss
scoring_elements 0.26544
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46121
1
reference_url https://github.com/yt-dlp/yt-dlp
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46121
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46121
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055996
reference_id 1055996
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055996
4
reference_url https://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14
reference_id 2023.11.14
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:18:50Z/
url https://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14
5
reference_url https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb
reference_id f04b5bedad7b281bee9814686bba1762bae092eb
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:18:50Z/
url https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb
6
reference_url https://github.com/advisories/GHSA-3ch3-jhc6-5r8x
reference_id GHSA-3ch3-jhc6-5r8x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3ch3-jhc6-5r8x
7
reference_url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x
reference_id GHSA-3ch3-jhc6-5r8x
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:18:50Z/
url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x
8
reference_url https://security.gentoo.org/glsa/202409-30
reference_id GLSA-202409-30
reference_type
scores
url https://security.gentoo.org/glsa/202409-30
fixed_packages
0
url pkg:pypi/yt-dlp@2023.11.14
purl pkg:pypi/yt-dlp@2023.11.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65md-pf4e-jqgx
1
vulnerability VCID-dbrg-uvxj-qqdz
2
vulnerability VCID-def2-csya-t7gv
3
vulnerability VCID-nj93-7bj7-bqbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/yt-dlp@2023.11.14
aliases CVE-2023-46121, GHSA-3ch3-jhc6-5r8x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cc8-rqk4-uqh8
2
url VCID-def2-csya-t7gv
vulnerability_id VCID-def2-csya-t7gv
summary yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22423
reference_id
reference_type
scores
0
value 0.06497
scoring_system epss
scoring_elements 0.91345
published_at 2026-06-13T12:55:00Z
1
value 0.06497
scoring_system epss
scoring_elements 0.91342
published_at 2026-06-14T12:55:00Z
2
value 0.06497
scoring_system epss
scoring_elements 0.91308
published_at 2026-06-11T12:55:00Z
3
value 0.06497
scoring_system epss
scoring_elements 0.91338
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22423
1
reference_url https://github.com/yt-dlp/yt-dlp
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp
2
reference_url https://www.kb.cert.org/vuls/id/123335
reference_id 123335
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:34:51Z/
url https://www.kb.cert.org/vuls/id/123335
3
reference_url https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11
reference_id 2021.04.11
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:34:51Z/
url https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11
4
reference_url https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09
reference_id 2024.04.09
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:34:51Z/
url https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22423
reference_id CVE-2024-22423
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22423
6
reference_url https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e
reference_id de015e930747165dbb8fcd360f8775fd973b7d6e
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:34:51Z/
url https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e
7
reference_url https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a
reference_id ff07792676f404ffff6ee61b5638c9dc1a33a37a
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:34:51Z/
url https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a
8
reference_url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg
reference_id GHSA-42h4-v29r-42qg
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:34:51Z/
url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg
9
reference_url https://github.com/advisories/GHSA-hjq6-52gw-2g7p
reference_id GHSA-hjq6-52gw-2g7p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hjq6-52gw-2g7p
10
reference_url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p
reference_id GHSA-hjq6-52gw-2g7p
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:34:51Z/
url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p
fixed_packages
0
url pkg:pypi/yt-dlp@2024.4.9
purl pkg:pypi/yt-dlp@2024.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65md-pf4e-jqgx
1
vulnerability VCID-dbrg-uvxj-qqdz
2
vulnerability VCID-nj93-7bj7-bqbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/yt-dlp@2024.4.9
aliases CVE-2024-22423, GHSA-hjq6-52gw-2g7p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-def2-csya-t7gv
3
url VCID-nj93-7bj7-bqbt
vulnerability_id VCID-nj93-7bj7-bqbt
summary yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. yt-dlp maintainers assume the impact of this vulnerability to be high for anyone who uses `--netrc-cmd` in their command/configuration or `netrc_cmd` in their Python scripts. Even though the maliciously crafted URL itself will look very suspicious to many users, it would be trivial for a maliciously crafted webpage with an inconspicuous URL to covertly exploit this vulnerability via HTTP redirect. Users without `--netrc-cmd` in their arguments or `netrc_cmd` in their scripts are unaffected. No evidence has been found of this exploit being used in the wild. yt-dlp version 2026.02.21 fixes this issue by validating all netrc "machine" values and raising an error upon unexpected input. As a workaround, users who are unable to upgrade should avoid using the `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter), or they should at least not pass a placeholder (`{}`) in their `--netrc-cmd` argument.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26331.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26331.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26331
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44661
published_at 2026-06-14T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44673
published_at 2026-06-13T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44657
published_at 2026-06-12T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44504
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26331
2
reference_url https://github.com/yt-dlp/yt-dlp
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp
3
reference_url https://github.com/yt-dlp/yt-dlp/commit/1fbbe29b99dc61375bf6d786f824d9fcf6ea9c1a
reference_id 1fbbe29b99dc61375bf6d786f824d9fcf6ea9c1a
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T20:08:27Z/
url https://github.com/yt-dlp/yt-dlp/commit/1fbbe29b99dc61375bf6d786f824d9fcf6ea9c1a
4
reference_url https://github.com/yt-dlp/yt-dlp/releases/tag/2026.02.21
reference_id 2026.02.21
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T20:08:27Z/
url https://github.com/yt-dlp/yt-dlp/releases/tag/2026.02.21
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442143
reference_id 2442143
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442143
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26331
reference_id CVE-2026-26331
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26331
7
reference_url https://github.com/advisories/GHSA-g3gw-q23r-pgqm
reference_id GHSA-g3gw-q23r-pgqm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g3gw-q23r-pgqm
8
reference_url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-g3gw-q23r-pgqm
reference_id GHSA-g3gw-q23r-pgqm
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T20:08:27Z/
url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-g3gw-q23r-pgqm
fixed_packages
0
url pkg:pypi/yt-dlp@2026.2.21
purl pkg:pypi/yt-dlp@2026.2.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/yt-dlp@2026.2.21
aliases CVE-2026-26331, GHSA-g3gw-q23r-pgqm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nj93-7bj7-bqbt
4
url VCID-qzy6-y49s-gfgu
vulnerability_id VCID-qzy6-y49s-gfgu
summary yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in `--exec` other than `{}` (filepath). 2. If expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`. 3. Instead of using `--exec`, write the info json and load the fields from it instead.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40581
reference_id
reference_type
scores
0
value 0.12983
scoring_system epss
scoring_elements 0.94236
published_at 2026-06-11T12:55:00Z
1
value 0.12983
scoring_system epss
scoring_elements 0.94256
published_at 2026-06-12T12:55:00Z
2
value 0.12983
scoring_system epss
scoring_elements 0.94261
published_at 2026-06-13T12:55:00Z
3
value 0.12983
scoring_system epss
scoring_elements 0.94263
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40581
1
reference_url https://github.com/yt-dlp/yt-dlp
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp
2
reference_url https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.09.24.003044
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.09.24.003044
3
reference_url https://github.com/yt-dlp/yt-dlp/releases/tag/2023.09.24
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp/releases/tag/2023.09.24
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40581
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40581
5
reference_url https://github.com/advisories/GHSA-42h4-v29r-42qg
reference_id GHSA-42h4-v29r-42qg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-42h4-v29r-42qg
6
reference_url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg
reference_id GHSA-42h4-v29r-42qg
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg
fixed_packages
0
url pkg:pypi/yt-dlp@2023.9.24
purl pkg:pypi/yt-dlp@2023.9.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65md-pf4e-jqgx
1
vulnerability VCID-9cc8-rqk4-uqh8
2
vulnerability VCID-dbrg-uvxj-qqdz
3
vulnerability VCID-def2-csya-t7gv
4
vulnerability VCID-nj93-7bj7-bqbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/yt-dlp@2023.9.24
aliases CVE-2023-40581, GHSA-42h4-v29r-42qg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qzy6-y49s-gfgu
Fixing_vulnerabilities
0
url VCID-ap8u-u8x3-57gq
vulnerability_id VCID-ap8u-u8x3-57gq
summary
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later).

At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped.

yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar; utilizing external downloaders' built-in support for cookies instead of passing them as header arguments; disabling HTTP redirection if the external downloader does not have proper cookie support; processing cookies passed as HTTP headers to limit their scope; and having a separate field for cookies in the info dict storing more information about scoping.

Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-35934
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.72339
published_at 2026-06-12T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.72347
published_at 2026-06-14T12:55:00Z
2
value 0.00689
scoring_system epss
scoring_elements 0.72257
published_at 2026-06-11T12:55:00Z
3
value 0.00689
scoring_system epss
scoring_elements 0.72353
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-35934
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35934
2
reference_url https://github.com/yt-dlp/yt-dlp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yt-dlp/yt-dlp
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5X6YT6AQE5FHM5VTQLKKJXSYBLLJF26W
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5X6YT6AQE5FHM5VTQLKKJXSYBLLJF26W
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEOKCGVONGHR2SYUIXU33A4MKXZBDP6L
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEOKCGVONGHR2SYUIXU33A4MKXZBDP6L
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IM44RJL2MR2WG3ZY354C5IUEEZUJGEVA
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IM44RJL2MR2WG3ZY354C5IUEEZUJGEVA
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7E7CQ5S5KMZHAMCNU7V7KYNBVCPLBHG
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7E7CQ5S5KMZHAMCNU7V7KYNBVCPLBHG
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-35934
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-35934
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040595
reference_id 1040595
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040595
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079502
reference_id 1079502
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079502
10
reference_url https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
reference_id 1ceb657bdd254ad961489e5060f2ccc7d556b729
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
11
reference_url https://github.com/yt-dlp/yt-dlp/releases/tag/2023.07.06
reference_id 2023.07.06
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://github.com/yt-dlp/yt-dlp/releases/tag/2023.07.06
12
reference_url https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.07.06.185519
reference_id 2023.07.06.185519
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.07.06.185519
13
reference_url https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07
reference_id 3121512228487c9c690d3d39bfd2579addf96e07
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5X6YT6AQE5FHM5VTQLKKJXSYBLLJF26W/
reference_id 5X6YT6AQE5FHM5VTQLKKJXSYBLLJF26W
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5X6YT6AQE5FHM5VTQLKKJXSYBLLJF26W/
15
reference_url https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641
reference_id f8b4bcc0a791274223723488bfbfc23ea3276641
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641
16
reference_url https://github.com/advisories/GHSA-v8mc-9377-rwjj
reference_id GHSA-v8mc-9377-rwjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8mc-9377-rwjj
17
reference_url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
reference_id GHSA-v8mc-9377-rwjj
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
18
reference_url https://security.gentoo.org/glsa/202409-30
reference_id GLSA-202409-30
reference_type
scores
url https://security.gentoo.org/glsa/202409-30
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEOKCGVONGHR2SYUIXU33A4MKXZBDP6L/
reference_id HEOKCGVONGHR2SYUIXU33A4MKXZBDP6L
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEOKCGVONGHR2SYUIXU33A4MKXZBDP6L/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IM44RJL2MR2WG3ZY354C5IUEEZUJGEVA/
reference_id IM44RJL2MR2WG3ZY354C5IUEEZUJGEVA
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IM44RJL2MR2WG3ZY354C5IUEEZUJGEVA/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7E7CQ5S5KMZHAMCNU7V7KYNBVCPLBHG/
reference_id M7E7CQ5S5KMZHAMCNU7V7KYNBVCPLBHG
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T16:47:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7E7CQ5S5KMZHAMCNU7V7KYNBVCPLBHG/
fixed_packages
0
url pkg:pypi/yt-dlp@2023.7.6
purl pkg:pypi/yt-dlp@2023.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65md-pf4e-jqgx
1
vulnerability VCID-9cc8-rqk4-uqh8
2
vulnerability VCID-def2-csya-t7gv
3
vulnerability VCID-nj93-7bj7-bqbt
4
vulnerability VCID-qzy6-y49s-gfgu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/yt-dlp@2023.7.6
1
url pkg:pypi/yt-dlp@2023.7.6.185519
purl pkg:pypi/yt-dlp@2023.7.6.185519
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/yt-dlp@2023.7.6.185519
aliases CVE-2023-35934, GHSA-v8mc-9377-rwjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap8u-u8x3-57gq
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/yt-dlp@2023.7.6