HIGH PyPI
GHSA-2xpw-w6gg-jr37 · CVE-2025-66471 urllib3 streaming API improperly handles highly compressed data
수정: 2026. 2. 4.
package
PyPI / urllib3
pkg:pypi/urllib3
MEDIUM 4.4 PyPI
GHSA-34jh-p97f-mpxf · CVE-2024-37891 urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
수정: 2026. 2. 4.
HIGH 7.5 PyPI
GHSA-38jv-5279-wg99 · CVE-2026-21441 Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
수정: 2026. 2. 4.
MEDIUM 5.3 PyPI
GHSA-48p4-8xcf-vxj5 · CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-5phf-pp7p-vc2r · CVE-2021-28363, PYSEC-2021-59 Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
수정: 2026. 3. 13.
MEDIUM 4.2 PyPI
GHSA-g4mx-q9vg-27p4 · CVE-2023-45803, PYSEC-2023-212 urllib3's request body not stripped after redirect from 303 status changes request method to GET
수정: 2026. 2. 4.
HIGH PyPI
GHSA-gm62-xv2j-4w53 · CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
수정: 2026. 2. 4.
MEDIUM 6.1 PyPI
GHSA-gwvm-45gx-3cf8 · CVE-2018-25091, PYSEC-2023-207 Authorization Header forwarded on redirect
수정: 2024. 11. 18.
HIGH 7.5 PyPI
GHSA-hmv2-79q8-fv6g · CVE-2020-7212, PYSEC-2020-149 Uncontrolled Resource Consumption in urllib3
수정: 2024. 11. 18.
HIGH 7.5 PyPI
GHSA-mf9v-mfxr-j63j · CVE-2026-44432, PYSEC-2026-142 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
수정: 2026. 5. 20.
HIGH 7.5 PyPI
GHSA-mh33-7rrq-662w · CVE-2019-11324, PYSEC-2019-133 Improper Certificate Validation in urllib3
수정: 2024. 11. 18.
MEDIUM 5.3 PyPI
GHSA-pq67-6m6q-mj2v · CVE-2025-50181 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
수정: 2026. 2. 4.
HIGH 7.5 PyPI
GHSA-q2q7-5pp4-w6pg · CVE-2021-33503, PYSEC-2021-108 Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
수정: 2026. 3. 13.
MEDIUM 5.3 PyPI
GHSA-qccp-gfcp-xxvc · CVE-2026-44431, PYSEC-2026-141 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
수정: 2026. 5. 20.
MEDIUM 6.1 PyPI
GHSA-r64q-w8jr-g9qp · CVE-2019-11236, PYSEC-2019-132 Improper Neutralization of CRLF Sequences in urllib3 library for Python
수정: 2024. 11. 18.
LOW 3.7 PyPI
GHSA-v4w5-p2hg-8fh6 · CVE-2016-9015, PYSEC-2017-98 Urllib3 Incorrect Certificate Validation
수정: 2024. 11. 18.
MEDIUM 5.9 PyPI
GHSA-v845-jxx5-vc9f · CVE-2023-43804, PYSEC-2023-192 `Cookie` HTTP header isn't stripped on cross-origin redirects
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-wqvq-5m8c-6g24 · CVE-2020-26137, PYSEC-2020-148 CRLF injection in urllib3
수정: 2024. 11. 18.
CRITICAL 9.8 PyPI
GHSA-www2-v7xj-xrc6 · CVE-2018-20060, PYSEC-2018-32 Exposure of Sensitive Information to an Unauthorized Actor in urllib3
수정: 2024. 12. 27.
— PyPI
PYSEC-2017-98 · CVE-2016-9015, GHSA-v4w5-p2hg-8fh6 수정: 2023. 11. 8.
— PyPI
PYSEC-2018-32 · CVE-2018-20060, GHSA-www2-v7xj-xrc6 수정: 2023. 11. 8.
— PyPI
PYSEC-2019-132 · CVE-2019-11236, GHSA-r64q-w8jr-g9qp 수정: 2023. 11. 8.
— PyPI
PYSEC-2019-133 · CVE-2019-11324, GHSA-mh33-7rrq-662w 수정: 2023. 11. 8.
— PyPI
PYSEC-2020-148 · CVE-2020-26137, GHSA-wqvq-5m8c-6g24 수정: 2023. 11. 8.
— PyPI
PYSEC-2020-149 · CVE-2020-7212, GHSA-hmv2-79q8-fv6g 수정: 2023. 11. 8.
— PyPI
PYSEC-2021-108 · CVE-2021-33503, GHSA-q2q7-5pp4-w6pg 수정: 2026. 6. 8.
— PyPI
PYSEC-2021-59 · CVE-2021-28363, GHSA-5phf-pp7p-vc2r 수정: 2023. 11. 8.
HIGH 8.1 PyPI
PYSEC-2023-192 · CVE-2023-43804, GHSA-v845-jxx5-vc9f 수정: 2023. 11. 8.
MEDIUM 6.1 PyPI
PYSEC-2023-207 · CVE-2018-25091, GHSA-gwvm-45gx-3cf8 수정: 2023. 11. 8.
MEDIUM 4.2 PyPI
PYSEC-2023-212 · CVE-2023-45803, GHSA-g4mx-q9vg-27p4 수정: 2023. 11. 8.
MEDIUM 5.3 PyPI
PYSEC-2026-141 · CVE-2026-44431, GHSA-qccp-gfcp-xxvc 수정: 2026. 5. 20.
HIGH 7.5 PyPI
PYSEC-2026-142 · CVE-2026-44432, GHSA-mf9v-mfxr-j63j 수정: 2026. 5. 20.