VYPR

ytDownloader

by Aandrew Me

CVEs (2)

  • CVE-2026-6219MedApr 13, 2026
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The…

  • CVE-2026-6218MedApr 13, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted…