urllib3 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2026-44432 | High | urllib3: urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API |
| CVE-2026-44431 | High | urllib3: urllib3: Sensitive headers forwarded across origins in proxied low-level redirects |
| CVE-2026-21441 | High | urllib3: Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) |
| CVE-2025-66471 | High | urllib3: urllib3 streaming API improperly handles highly compressed data |
| CVE-2025-66418 | High | urllib3: urllib3 allows an unbounded number of links in the decompression chain |
| CVE-2025-50182 | Medium | urllib3: urllib3 does not control redirects in browsers and Node.js |
| CVE-2025-50181 | Medium | urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation |
| CVE-2024-37891 | Medium | urllib3: urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects |
| CVE-2023-45803 | Medium | urllib3: urllib3's request body not stripped after redirect from 303 status changes request method to GET |
| CVE-2018-25091 | Medium | urllib3: Authorization Header forwarded on redirect |
| CVE-2023-43804 | High | urllib3: `Cookie` HTTP header isn't stripped on cross-origin redirects |
| CVE-2016-9015 | Medium | urllib3: Urllib3 Incorrect Certificate Validation |
| CVE-2019-11236 | Medium | urllib3: Improper Neutralization of CRLF Sequences in urllib3 library for Python |
| CVE-2020-26137 | Medium | urllib3: CRLF injection in urllib3 |
| CVE-2021-33503 | High | urllib3: Catastrophic backtracking in URL authority parser when passed URL containing many @ characters |
| CVE-2020-7212 | High | urllib3: Uncontrolled Resource Consumption in urllib3 |
| CVE-2021-28363 | Medium | urllib3: Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname… |
| CVE-2019-11324 | High | urllib3: Improper Certificate Validation in urllib3 |
| CVE-2018-20060 | Critical | urllib3: Exposure of Sensitive Information to an Unauthorized Actor in urllib3 |
