Package impact

PyPI / urllib3

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2025-66418	high	—	8.0	4mo ago	Important: fence-agents security update	+2
CVE-2026-21441	high	—	8.0	5mo ago	Important: fence-agents security update	+2
CVE-2025-66471	high	—	8.0	6mo ago	Important: fence-agents security update	+2
CVE-2021-28363	high	—	8.0	5y ago	The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't …
CVE-2026-44432	high	7.5	7.5	15d ago	urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c…
CVE-2024-37891	medium	—	5.5	2y ago	Moderate: fence-agents security update	+2
CVE-2023-45803	medium	—	5.5	2y ago	Moderate: fence-agents security and bug fix update	+2
CVE-2023-43804	medium	—	5.5	3y ago	Moderate: fence-agents security update	+2
CVE-2019-11236	medium	—	5.5	4y ago	Moderate: python27:2.7 security, bug fix, and enhancement update
CVE-2020-26137	medium	—	5.5	5y ago	Moderate: python27:2.7 security and bug fix update
CVE-2021-33503	medium	—	5.5	5y ago	Moderate: python38:3.8 and python38-devel:3.8 security update	+1
CVE-2019-11324	medium	—	5.5	7y ago	Moderate: python27:2.7 security, bug fix, and enhancement update
CVE-2018-20060	medium	—	5.5	8y ago	Moderate: python27:2.7 security, bug fix, and enhancement update
CVE-2026-44431	medium	5.3	5.3	15d ago	urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=Fa…