pkg:PyPI/urllib3

All known vulnerabilities

• CRITICAL9.8CVE-2018-20060python-urllib3 - security update
  from 0, < 1.23
• CRITICAL9.8CVE-2018-20060python-urllib3 - security update
  from 0, < 1.23
• HIGH7.5CVE-2026-44432urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
  >= 2.6.0, < 2.7.0
• HIGH7.5urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
  >= 2.6.0, < 2.7.0
• HIGH7.5python-urllib3 - regression update
  >= 1.22, < 2.6.3
• HIGH7.5urllib3 streaming API improperly handles highly compressed data
  >= 1.0, < 2.6.0
• HIGH7.5python-urllib3 - security update
  >= 1.24, < 2.6.0
• HIGH7.5Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
  from 0, < 2d4a3fee6de2fa45eb82169361918f759269b4ec | from 0, < 1.26.5
• HIGH7.5Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
  >= 1.25.4, < 1.26.5
• HIGH7.5Uncontrolled Resource Consumption in urllib3
  >= 1.25.2, < 1.25.8
• HIGH7.5Uncontrolled Resource Consumption in urllib3
  from 0, < a74c9cfbaed9f811e7563cfc3dce894928e0221a | >= 1.25.2, < 1.25.8
• HIGH7.5Improper Certificate Validation in urllib3
  from 0, < 1.24.2
• HIGH7.5Improper Certificate Validation in urllib3
  from 0, < 1.24.2
• MEDIUM6.5CRLF injection in urllib3
  from 0, < 1dd69c5c5982fae7c87a620d487c2ebf7a6b436b | from 0, < 1.25.9
• MEDIUM6.5CRLF injection in urllib3
  from 0, < 1.25.9
• MEDIUM6.5Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
  from 0, < 8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 | >= 1.26.0, < 1.26.4
• MEDIUM6.5Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
  >= 1.26.0, < 1.26.4
• MEDIUM6.1python-urllib3 - security update
  from 0, < 1.24.2
• MEDIUM6.1python-urllib3 - security update
  from 0, < adb358f8e06865406d1f05e581a16cbea2136fbc | from 0, < 1.24.2
• MEDIUM6.1python-urllib3 - security update
  from 0, < 1.24.3
• MEDIUM6.1python-urllib3 - security update
  from 0, < 1.24.3
• MEDIUM5.9python-urllib3 - security update
  >= 2.0.0, < 2.0.6
• MEDIUM5.9python-urllib3 - security update
  from 0, < 644124ecd0b6e417c527191f866daa05a5a2056d, < 01220354d389cd05474713f8c982d05c9b17aafb | >= 2.0.0, < 2.0.6, from 0, < 1.26.17
• MEDIUM5.3urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
  >= 1.23, < 2.7.0
• MEDIUM5.3urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
  >= 1.23, < 2.7.0
• MEDIUM5.3urllib3 does not control redirects in browsers and Node.js
  >= 2.2.0, < 2.5.0
• MEDIUM5.3python-urllib3 - security update
  from 0, < 2.5.0
• MEDIUM4.4urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
  from 0, < 1.26.19
• MEDIUM4.2python-urllib3 - security update
  from 0, < 4e98d57809dacab1cbe625fddeec1a290c478ea9 | >= 2.0.0, < 2.0.7, from 0, < 1.26.18
• MEDIUM4.2python-urllib3 - security update
  >= 2.0.0, < 2.0.7
• LOW3.7Urllib3 Incorrect Certificate Validation
  >= 1.17, < 1.18.1
• LOW3.7Urllib3 Incorrect Certificate Validation
  >= 1.17, < 1.18.1