VYPR

Urllib3

by Python (programming language)

pypi: urllib3

Source repositories

CVEs (2)

  • CVE-2026-44432HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2)…

  • CVE-2016-9015LowJan 11, 2017
    risk 0.17cvss 3.7epss 0.01

    Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information…