It was recently discovered that the mpv player is vulnerable to an remote execution attack, as documented below:
https://github.com/mpv-player/mpv/issues/5456
https://www.suse.com/security/cve/CVE-2018-6360/
Since our desktop app uses libmpv, we immediately dispatched our security experts to investigate. We are happy to report that the conclusion is, Stremio is NOT vulnerable to this attack. Our desktop application uses a stripped-down version of libmpv, which does not include youtube-dl at all; as this is the component that contributes to the existence of this vulnerability, Stremio is 100% safe.
We have said that before, and we’ll never get tired of saying it: safe, secure and pleasant user experience is an utmost priority for us. We will never allow for our system to be compromised, and our security team will continue to work tirelessly to ensure your safety. As usual, we remain open to any security-related questions that you may have.