diff --git a/pkgs/applications/video/kodi/addons/sendtokodi/default.nix b/pkgs/applications/video/kodi/addons/sendtokodi/default.nix
index f6946842ded4..f801be10f35f 100644
--- a/pkgs/applications/video/kodi/addons/sendtokodi/default.nix
+++ b/pkgs/applications/video/kodi/addons/sendtokodi/default.nix
@@ -13,7 +13,10 @@ buildKodiAddon rec {
   };
 
   patches = [
-    ./use-packaged-deps.patch
+    # Unconditionally depend on packaged yt-dlp. This removes the ability to
+    # use youtube_dl, which is unmaintained and considered vulnerable (see
+    # CVE-2024-38519).
+    ./use-packaged-yt-dlp.patch
   ];
 
   propagatedBuildInputs = [
@@ -26,14 +29,14 @@ buildKodiAddon rec {
   '';
 
   passthru = {
-    # Instead of the vendored libraries, we propagate youtube-dl and yt-dlp via
-    # the Python path.
-    pythonPath = with kodi.pythonPackages; makePythonPath [ youtube-dl yt-dlp ];
+    # Instead of the vendored libraries, we propagate yt-dlp via the Python
+    # path.
+    pythonPath = with kodi.pythonPackages; makePythonPath [ yt-dlp ];
   };
 
   meta = with lib; {
     homepage = "https://github.com/firsttris/plugin.video.sendtokodi";
-    description = "Plays various stream sites on Kodi using youtube-dl";
+    description = "Plays various stream sites on Kodi using yt-dlp";
     license = licenses.mit;
     maintainers = teams.kodi.members ++ [ maintainers.pks ];
   };
diff --git a/pkgs/applications/video/kodi/addons/sendtokodi/use-packaged-deps.patch b/pkgs/applications/video/kodi/addons/sendtokodi/use-packaged-yt-dlp.patch
similarity index 59%
rename from pkgs/applications/video/kodi/addons/sendtokodi/use-packaged-deps.patch
rename to pkgs/applications/video/kodi/addons/sendtokodi/use-packaged-yt-dlp.patch
index abfea58a7ceb..b53e1a434fff 100644
--- a/pkgs/applications/video/kodi/addons/sendtokodi/use-packaged-deps.patch
+++ b/pkgs/applications/video/kodi/addons/sendtokodi/use-packaged-yt-dlp.patch
@@ -1,16 +1,18 @@
 diff --git a/service.py b/service.py
-index 1d7b6e4..9782993 100644
+index 024ad9a..6ef71dd 100644
 --- a/service.py
 +++ b/service.py
-@@ -241,9 +241,9 @@ def playlistIndex(url, playlist):
+@@ -243,11 +243,8 @@ def playlistIndex(url, playlist):
+ 
  
  # Use the chosen resolver while forcing to use youtube_dl on legacy python 2 systems (dlp is python 3.6+)
- if xbmcplugin.getSetting(int(sys.argv[1]),"resolver") == "0" or sys.version_info[0] == 2:
+-if xbmcplugin.getSetting(int(sys.argv[1]),"resolver") == "0" or sys.version_info[0] == 2:
 -    from lib.youtube_dl import YoutubeDL
-+    from youtube_dl import YoutubeDL
- else:
+-else:
 -    from lib.yt_dlp import YoutubeDL
-+    from yt_dlp import YoutubeDL
-     
+-    
++from yt_dlp import YoutubeDL
++
  # patch broken strptime (see above)
  patch_strptime()
+