GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
urllib3 streaming API improperly handles highly compressed data
High
CVE-2025-66471
was published
for
urllib3
(pip)
Dec 5, 2025
urllib3 allows an unbounded number of links in the decompression chain
High
CVE-2025-66418
was published
for
urllib3
(pip)
Dec 5, 2025
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Moderate
CVE-2023-45803
was published
for
urllib3
(pip)
Oct 17, 2023
`Cookie` HTTP header isn't stripped on cross-origin redirects
High
CVE-2023-43804
was published
for
urllib3
(pip)
Oct 2, 2023
urllib3 does not control redirects in browsers and Node.js
Moderate
CVE-2025-50182
was published
for
urllib3
(pip)
Jun 18, 2025
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
Moderate
CVE-2025-50181
was published
for
urllib3
(pip)
Jun 18, 2025
Requests vulnerable to .netrc credentials leak via malicious URLs
Moderate
CVE-2024-47081
was published
for
requests
(pip)
Jun 9, 2025
check-jsonschema default caching for remote schemas allows for cache confusion
Moderate
CVE-2024-53848
was published
for
check-jsonschema
(pip)
Dec 2, 2024
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Moderate
CVE-2023-37276
was published
for
aiohttp
(pip)
Jul 20, 2023
Unintended leak of Proxy-Authorization header in requests
Moderate
CVE-2023-32681
was published
for
requests
(pip)
May 22, 2023
ProTip!
Advisories are also available from the
GraphQL API