| CVE-2025-66418 |
high |
— |
8.0 |
|
|
|
4mo ago |
RHSA-2026:1254: python-urllib3 security update (Important) |
| CVE-2026-21441 |
high |
— |
8.0 |
|
|
|
5mo ago |
RHSA-2026:1254: python-urllib3 security update (Important) |
| CVE-2025-66471 |
high |
— |
8.0 |
|
|
|
6mo ago |
RHSA-2026:1254: python-urllib3 security update (Important) |
| CVE-2021-28363 |
high |
— |
8.0 |
|
|
|
5y ago |
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't … |
| CVE-2026-44432 |
high |
7.5 |
7.5 |
|
|
|
22d ago |
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c… |
| CVE-2024-37891 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:8843: python3.11-urllib3 security update (Moderate) |
| CVE-2023-45803 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-43804 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2987: python27:2.7 security update (Moderate) |
| CVE-2018-25091 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2019-11236 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:1916: python-pip security update (Moderate) |
| CVE-2020-26137 |
medium |
— |
5.5 |
|
|
|
5y ago |
RHSA-2021:1761: python27:2.7 security and bug fix update (Moderate) |
| CVE-2021-33503 |
medium |
— |
5.5 |
|
|
|
5y ago |
RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) |
| CVE-2019-11324 |
medium |
— |
5.5 |
|
|
|
7y ago |
RHSA-2020:1916: python-pip security update (Moderate) |
| CVE-2018-20060 |
medium |
— |
5.5 |
|
|
|
8y ago |
RHSA-2020:1916: python-pip security update (Moderate) |
| CVE-2026-44431 |
medium |
5.3 |
5.3 |
|
|
|
22d ago |
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=Fa… |
| CVE-2016-9015 |
low |
3.7 |
3.7 |
|
|
|
10y ago |
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the l… |
| CVE-2025-50182 |
unknown |
— |
— |
|
|
|
1y ago |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a P… |
| CVE-2025-50181 |
unknown |
— |
— |
|
|
|
1y ago |
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation |
| CVE-2020-7212 |
unknown |
— |
— |
|
|
|
5y ago |
The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent… |
