| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|
| CVE-2026-44432 | fixed | fixed | fixed | vulnerable | vulnerable | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7 ... |
| CVE-2026-44431 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7. ... |
| CVE-2026-9375 | vulnerable | vulnerable | vulnerable (no DSA, ignored) | vulnerable | vulnerable | urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in ... |
| CVE-2025-66471 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | urllib3 is a user-friendly HTTP client library for Python. Starting in ... |
| Bug | Description |
|---|
| CVE-2026-21441 | urllib3 is an HTTP client library for Python. urllib3's streaming API ... |
| CVE-2025-66418 | urllib3 is a user-friendly HTTP client library for Python. Starting in ... |
| CVE-2025-50182 | urllib3 is a user-friendly HTTP client library for Python. Starting in ... |
| CVE-2025-50181 | urllib3 is a user-friendly HTTP client library for Python. Prior to 2. ... |
| CVE-2024-37891 | urllib3 is a user-friendly HTTP client library for Python. When using ... |
| CVE-2023-45803 | urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ... |
| CVE-2023-43804 | urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ... |
| CVE-2021-33503 | An issue was discovered in urllib3 before 1.26.5. When provided with a ... |
| CVE-2021-28363 | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ... |
| CVE-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ... |
| CVE-2020-7212 | The _encode_invalid_chars function in util/url.py in the urllib3 libra ... |
| CVE-2019-11324 | The urllib3 library before 1.24.2 for Python mishandles certain cases ... |
| CVE-2019-11236 | In the urllib3 library through 1.24.1 for Python, CRLF injection is po ... |
| CVE-2018-25091 | urllib3 before 1.24.2 does not remove the authorization HTTP header wh ... |
| CVE-2018-20060 | urllib3 before version 1.23 does not remove the Authorization HTTP hea ... |
| CVE-2016-9015 | Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ... |
| CVE-2013-2099 | Algorithmic complexity vulnerability in the ssl.match_hostname functio ... |