Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

urllib3 — Vulnerabilities & Security Advisories 8

All 8 CVE vulnerabilities found in urllib3, with AI-generated Chinese analysis, references, and POCs.

Vendor: urllib3

CVE IDTitleCVSSSeverityPublished
CVE-2026-21441 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) CWE-409 7.5 -2026-01-07
CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data CWE-409 9.8 -2025-12-05
CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain CWE-770 7.5 -2025-12-05
CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js CWE-601 5.3 Medium2025-06-19
CVE-2025-50181 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation CWE-601 5.3 Medium2025-06-19
CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 CWE-669 4.4 Medium2024-06-17
CVE-2023-45803 Request body not stripped after redirect in urllib3 CWE-200 4.2 Medium2023-10-17
CVE-2023-43804 `Cookie` HTTP header isn't stripped on cross-origin redirects CWE-200 5.9 Medium2023-10-04

All 8 known CVE vulnerabilities affecting urllib3 with full Chinese analysis, references, and POCs where available.