VYPR

PyPI package

gdown

pkg:pypi/gdown

Vulnerabilities (1)

  • CVE-2026-40491MedApr 18, 2026
    affected < 5.2.2fixed 5.2.2

    gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the a