| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-21441 | urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) | urllib3 | urllib3 | Medium | - | 2026-01-07 22:09:02 | Deep Dive |
| CVE-2025-66471 | urllib3 Streaming API improperly handles highly compressed data | urllib3 | urllib3 | High | - | 2025-12-05 16:06:09 | Deep Dive |
| CVE-2025-66418 | urllib3 allows an unbounded number of links in the decompression chain | urllib3 | urllib3 | High | - | 2025-12-05 16:02:15 | Deep Dive |
| CVE-2025-50182 | urllib3 does not control redirects in browsers and Node.js | urllib3 | urllib3 | Medium | 5.3 | 2025-06-19 01:42:45 | Deep Dive |
| CVE-2025-50181 | urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation | urllib3 | urllib3 | Medium | 5.3 | 2025-06-19 01:08:00 | Deep Dive |
| CVE-2024-37891 | Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 | urllib3 | urllib3 | Medium | 4.4 | 2024-06-17 19:18:33 | Deep Dive |
| CVE-2023-45803 | Request body not stripped after redirect in urllib3 | urllib3 | urllib3 | Medium | 4.2 | 2023-10-17 19:43:45 | Deep Dive |
| CVE-2023-43804 | `Cookie` HTTP header isn't stripped on cross-origin redirects | urllib3 | urllib3 | Medium | 5.9 | 2023-10-04 16:01:50 | Deep Dive |