pyload-ng vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-46561Mediumpyload-ng: pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls APICVE-2026-45348Highpyload-ng: pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in packages.js…CVE-2026-45306Mediumpyload-ng: pyLoad Has Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory in pyLoadCVE-2026-44226Mediumpyload-ng: PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUICVE-2026-42315Highpyload-ng: PyLoad vulnerable to Path Traversal via Package Folder Name in set_package_dataCVE-2026-42314Mediumpyload-ng: PyLoad Vulnerable to Path Traversal via Package Folder NameCVE-2026-42313Highpyload-ng: pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an…CVE-2026-42312Mediumpyload-ng: pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification via unrestricted…CVE-2026-40594Mediumpyload-ng: pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing…GHSA-FJ52-5G4H-GMQ8Lowpyload-ng: pyLoad's Session Not Invalidated After Permission ChangesCVE-2026-41133Highpyload-ng: pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)CVE-2026-40071Mediumpyload-ng: pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actionsCVE-2026-35592Mediumpyload-ng: pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix…CVE-2026-35586Mediumpyload-ng: pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch…CVE-2026-35464Highpyload-ng: pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code…CVE-2026-35463Highpyload-ng: pyLoad: Improper Neutralization of Special Elements used in an OS CommandCVE-2026-35459Criticalpyload-ng: pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992)CVE-2026-35187Highpyload-ng: pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameterCVE-2026-33992Criticalpyload-ng: pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata ExfiltrationCVE-2026-33509Highpyload-ng: pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect…CVE-2026-33314Mediumpyload-ng: Improper Authentication and Origin Validation Error in pyload-ngCVE-2026-29778Highpyload-ng: pyLoad has an Arbitrary File Write via Path Traversal in edit_package()CVE-2025-61773Highpyload-ng: pyLoad CNL and captcha handlers allow Code Injection via unsanitized parametersCVE-2025-57751Highpyload-ng: Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljsCVE-2025-55156Highpyload-ng: PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

Stop the waste.
Protect your environment with Kodem.