pkg:Debian/python-urllib3

28 total CVEs: CRITICAL 2, HIGH 10, MEDIUM 15

All known vulnerabilities

  • CRITICAL 9.8 CVE-2018-20060: python-urllib3 - security update
    from 0, < 1.24-1
  • CRITICAL 9.8 CVE-2018-20060: python-urllib3 - security update
    from 0, < 1.19.1-1+deb9u1
  • HIGH 7.5 CVE-2026-44432: urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
    from 0
  • HIGH 7.5 CVE-2026-21441: Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
    from 0, < 1.26.5-1~exp1+deb11u3
  • HIGH 7.5 CVE-2026-21441: Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
    from 0, < 1.26.12-1+deb12u3
  • HIGH 7.5 CVE-2026-21441: Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
    from 0, < 1.26.5-1~exp1+deb11u3
  • HIGH 7.5 CVE-2025-66471: urllib3 streaming API improperly handles highly compressed data
    from 0
  • HIGH 7.5 CVE-2025-66418: urllib3 allows an unbounded number of links in the decompression chain
    from 0, < 1.26.5-1~exp1+deb11u2
  • HIGH 7.5 CVE-2025-66418: urllib3 allows an unbounded number of links in the decompression chain
    from 0, < 1.26.12-1+deb12u2
  • HIGH 7.5 CVE-2021-33503: Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
    from 0, < 1.26.5-1~exp1
  • HIGH 7.5 CVE-2020-7212: Uncontrolled Resource Consumption in urllib3
    from 0, < 1.25.8-1
  • HIGH 7.5 CVE-2019-11324: Improper Certificate Validation in urllib3
    from 0, < 1.25.6-4
  • MEDIUM 6.5 CVE-2020-26137: CRLF injection in urllib3
    from 0, < 1.25.9-1
  • MEDIUM 6.5 CVE-2021-28363: Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
    from 0, < 1.26.4-1
  • MEDIUM 6.1 CVE-2018-25091: python-urllib3 - security update
    from 0, < 1.25.6-4
  • MEDIUM 6.1 CVE-2018-25091: python-urllib3 - security update
    from 0, < 1.24.1-1+deb10u1
  • MEDIUM 6.1 CVE-2019-11236: python-urllib3 - security update
    from 0, < 1.9.1-3+deb8u1
  • MEDIUM 6.1 CVE-2019-11236: python-urllib3 - security update
    from 0, < 1.25.6-4
  • MEDIUM 5.9 CVE-2023-43804: `Cookie` HTTP header isn't stripped on cross-origin redirects
    from 0, < 1.26.5-1~exp1+deb11u1
  • MEDIUM 5.9 CVE-2023-43804: `Cookie` HTTP header isn't stripped on cross-origin redirects
    from 0, < 1.26.5-1~exp1+deb11u1
  • MEDIUM 5.3 CVE-2026-44431: urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
    from 0
  • MEDIUM 5.3 CVE-2025-50182: urllib3 does not control redirects in browsers and Node.js
    from 0, < 2.3.0-3
  • MEDIUM 5.3 CVE-2025-50181: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
    from 0, < 1.26.5-1~exp1+deb11u2
  • MEDIUM 5.3 CVE-2025-50181: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
    from 0, < 1.26.5-1~exp1+deb11u2
  • MEDIUM 4.4 CVE-2024-37891: urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
    from 0, < 1.26.5-1~exp1+deb11u1
  • MEDIUM 4.2 CVE-2023-45803: urllib3's request body not stripped after redirect from 303 status changes request method to GET
    from 0, < 1.24.1-1+deb10u2
  • MEDIUM 4.2 CVE-2023-45803: urllib3's request body not stripped after redirect from 303 status changes request method to GET
    from 0, < 1.26.5-1~exp1+deb11u1
  • CVE-2013-2099: bzr - security update
    from 0, < 1.6-2