Moderate severityNVD Advisory· Published Sep 7, 2022· Updated Apr 23, 2025
mangadex-downloader vulnerable to unauthorized file reading
CVE-2022-36082
Description
mangadex-downloader is a command-line tool to download manga from MangaDex. When using file: command and `` is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mangadex-downloaderPyPI | >= 1.3.0, < 1.7.2 | 1.7.2 |
Affected products
2- Range: >= 1.3.0, < 1.7.2
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-r9x7-2xmr-v8fwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-36082ghsaADVISORY
- github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42ghsax_refsource_MISCWEB
- github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fwghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/mangadex-downloader/PYSEC-2022-264.yamlghsaWEB
News mentions
0No linked articles in our index yet.