Package impact
PyPI / urllib3
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66418 | high | — | 8.0 | | | | 4mo ago | RHSA-2026:1254: python-urllib3 security update (Important) |
| CVE-2026-21441 | high | — | 8.0 | | | | 5mo ago | RHSA-2026:1254: python-urllib3 security update (Important) |
| CVE-2025-66471 | high | — | 8.0 | | | | 6mo ago | RHSA-2026:1254: python-urllib3 security update (Important) |
| CVE-2021-28363 | high | — | 8.0 | | | | 5y ago | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't … |
| CVE-2026-44432 | high | 7.5 | 7.5 | | | | 22d ago | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c… |