Package impact

PyPI / requests

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2015-2296	medium	—	6.8	11y ago	The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
CVE-2024-47081	medium	—	5.5	10mo ago	Moderate: python-requests security update	+1
CVE-2024-35195	medium	—	5.5	1y ago	Moderate: python-requests security update	+1
CVE-2023-32681	medium	—	5.5	3y ago	Moderate: python38:3.8 and python38-devel:3.8 security update	+1
CVE-2018-18074	medium	—	5.5	8y ago	Moderate: python27:2.7 security, bug fix, and enhancement update
CVE-2014-1830	medium	—	5.0	4y ago	Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
CVE-2014-1829	medium	—	5.0	12y ago	Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
CVE-2026-25645	unknown	—	—	2mo ago	Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function