CVE-2018-18074
CVE-2018-18074 affects the Python requests library prior to 2.20.0. When handling a same-hostname HTTPS-to-HTTP redirect, the library sends the HTTP Authorization header to the HTTP URI, enabling credential exposure via network sniffing. Mitigation: upgrade to a version that includes the fix (Req...
CVE-2026-25645
The CVE describes an insecure temp-file extraction in the Requests library prior to v2.33.0. The vulnerable function requests.utils.extract_zipped_paths() writes the CA bundle into /tmp using a predictable, non-unique filename (e.g., cacert.pem) and reuses an existing file if present, rather than...