Package impact

PyPI / urllib3

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2025-66418	high	—	8.0				4mo ago	Important: fence-agents security update
CVE-2026-21441	high	—	8.0				5mo ago	Important: fence-agents security update
CVE-2025-66471	high	—	8.0				6mo ago	Important: fence-agents security update
CVE-2021-28363	high	—	8.0				5y ago	The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't …
CVE-2026-44432	high	7.5	7.5				22d ago	urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c…
CVE-2024-37891	medium	—	5.5				2y ago	Moderate: python3.11-urllib3 security update
CVE-2023-45803	medium	—	5.5				2y ago	Moderate: fence-agents security and bug fix update
CVE-2023-43804	medium	—	5.5				3y ago	Moderate: python3.11-urllib3 security update
CVE-2018-25091	medium	—	5.5				3y ago	RHSA-2024:2988: container-tools:rhel8 security update (Moderate)
CVE-2019-11236	medium	—	5.5				4y ago	RHSA-2020:1916: python-pip security update (Moderate)
CVE-2020-26137	medium	—	5.5				5y ago	RHSA-2021:1761: python27:2.7 security and bug fix update (Moderate)
CVE-2021-33503	medium	—	5.5				5y ago	RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate)
CVE-2019-11324	medium	—	5.5				7y ago	RHSA-2020:1916: python-pip security update (Moderate)
CVE-2018-20060	medium	—	5.5				8y ago	RHSA-2020:1916: python-pip security update (Moderate)
CVE-2026-44431	medium	5.3	5.3				22d ago	urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=Fa…