Package impact
PyPI / urllib3
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66418 | high | — | 8.0 | 4mo ago | Important: fence-agents security update | |||
| CVE-2026-21441 | high | — | 8.0 | 5mo ago | Important: fence-agents security update | |||
| CVE-2025-66471 | high | — | 8.0 | 6mo ago | Important: fence-agents security update | |||
| CVE-2021-28363 | high | — | 8.0 | 5y ago | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't … | |||
| CVE-2026-44432 | high | 7.5 | 7.5 | 22d ago | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c… |