CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

201 matches found

Github Security Blog•added 2026/01/07 7:18 p.m.•10 views

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip,...

8.9CVSS6.5AI score0.00032EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/01/07 12:0 a.m.•2 views

PT-2026-2060

Name of the Vulnerable Software and Affected Versions urllib3 versions 1.22 through 2.6.2 Description urllib3 is a Python HTTP client library. Its streaming API is designed for efficient handling of large HTTP responses by reading content in chunks. The library decompresses content based on the...

8.9CVSS6.5AI score0.00032EPSS

Exploits0References164

Amazon•added 2026/01/05 12:0 a.m.•2 views

Medium: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

8.9CVSS6.8AI score0.00021EPSS

Exploits0

RedhatCVE•added 2025/12/15 4:38 p.m.•2 views

CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

8.9CVSS6.8AI score0.00017EPSS

Exploits0References5

SUSE CVE•added 2025/12/12 12:24 a.m.•1 views

SUSE CVE-2025-66471

5.3CVSS6.9AI score0.00017EPSS

Exploits0References25

Microsoft CVE•added 2025/12/10 9:3 a.m.•1 views

urllib3 Streaming API improperly handles highly compressed data

...

8.9CVSS7AI score0.00017EPSS

Exploits0

Github Security Blog•added 2025/12/05 6:15 p.m.•8 views

urllib3 streaming API improperly handles highly compressed data

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.7AI score0.00017EPSS

Exploits0References4Affected Software1

OSV•added 2025/12/05 5:16 p.m.•1 views

AZL-71849 CVE-2025-66471 affecting package python-urllib3 1.26.19-3

8.9CVSS6.8AI score0.00017EPSS

Exploits0References1

OSV•added 2025/12/05 5:16 p.m.•9 views

AZL-71837 CVE-2025-66471 affecting package python-urllib3 for versions less than 2.0.7-3

8.9CVSS6.9AI score0.00017EPSS

Exploits0References1

Snyk•added 2025/12/05 4:40 p.m.•3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the Streaming API. The ContentDecoder class can be forced to allocate disproportionate...

8.9CVSS6.8AI score0.00017EPSS

Exploits0References2

AlpineLinux•added 2025/12/05 4:6 p.m.•1 views

CVE-2025-66471

8.9CVSS7.4AI score0.00017EPSS

Exploits0References2

Cvelist•added 2025/12/05 4:6 p.m.•18 views

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data

8.9CVSS0.00017EPSS

Exploits0References2

Vulnrichment•added 2025/12/05 4:6 p.m.•2 views

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data

8.9CVSS6.4AI score0.00017EPSS

Exploits0References2

EUVD•added 2025/12/05 4:6 p.m.•1 views

EUVD-2025-201419

8.9CVSS6.3AI score0.00017EPSS

Exploits0References3

CNNVD•added 2025/12/05 12:0 a.m.•1 views

urllib3 安全漏洞

urllib3 is a Python HTTP library open-sourced by urllib3. It features thread-safe connection pooling, file publishing support, and more. A security vulnerability exists in urllib3 version 1.0 up to and including version 2.6.0 , which stems from the Streaming API improperly handling highly...

8.9CVSS7.4AI score0.00017EPSS

Exploits0References4

Rockylinux•added 2025/10/18 8:6 a.m.•4 views

jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

An update is available for jackson-core, jackson-jaxrs-providers, jackson-databind, jackson-modules-base, jackson-annotations. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.7CVSS7.5AI score0.00252EPSS

Exploits0

OSV•added 2025/10/15 8:44 a.m.•1 views

BIT-MASTODON-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users

Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...

4.3CVSS6.7AI score0.00059EPSS

Exploits0References3

RedhatCVE•added 2025/10/14 9:49 p.m.•4 views

CVE-2025-62175

4.3CVSS6.7AI score0.00059EPSS

Exploits0References1