Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-urllib3@0?distro=trixie
Typedeb
Namespacedebian
Namepython-urllib3
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.6-2
Latest_non_vulnerable_version2.6.3-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dxkv-8f9g-47e9
vulnerability_id VCID-dxkv-8f9g-47e9
summary 
urllib3 does not control redirects in browsers and Node.js
urllib3 [supports](https://urllib3.readthedocs.io/en/2.4.0/reference/contrib/emscripten.html) being used in a Pyodide runtime utilizing the [JavaScript Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API) or falling back on [XMLHttpRequest](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest). This means you can use Python libraries to make HTTP requests from your browser or Node.js. Additionally, urllib3 provides [a mechanism](https://urllib3.readthedocs.io/en/2.4.0/user-guide.html#retrying-requests) to control redirects.

However, the `retries` and `redirect` parameters are ignored with Pyodide; the runtime itself determines redirect behavior.


## Affected usages

Any code which relies on urllib3 to control the number of redirects for an HTTP request in a Pyodide runtime.


## Impact

Redirects are often used to exploit SSRF vulnerabilities. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects may remain vulnerable if a Pyodide runtime redirect mechanism is unsuitable.


## Remediation

If you use urllib3 in Node.js, upgrade to a patched version of urllib3.

Unfortunately, browsers provide no suitable way which urllib3 can use: `XMLHttpRequest` provides no control over redirects, the Fetch API returns `opaqueredirect` responses lacking data when redirects are controlled manually. Expect default browser behavior for redirects.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50182.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50182.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-50182
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.05753
published_at 2026-04-02T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.05791
published_at 2026-04-04T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06306
published_at 2026-04-11T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06313
published_at 2026-04-09T12:55:00Z
4
value 0.00023
scoring_system epss
scoring_elements 0.0629
published_at 2026-04-13T12:55:00Z
5
value 0.00023
scoring_system epss
scoring_elements 0.06302
published_at 2026-04-12T12:55:00Z
6
value 0.00023
scoring_system epss
scoring_elements 0.06272
published_at 2026-04-08T12:55:00Z
7
value 0.00023
scoring_system epss
scoring_elements 0.06227
published_at 2026-04-07T12:55:00Z
8
value 0.00066
scoring_system epss
scoring_elements 0.2036
published_at 2026-04-18T12:55:00Z
9
value 0.00066
scoring_system epss
scoring_elements 0.20358
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-50182
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
4
reference_url https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:55:48Z/
url https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f
5
reference_url https://github.com/urllib3/urllib3/releases/tag/2.5.0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:55:48Z/
url https://github.com/urllib3/urllib3/releases/tag/2.5.0
6
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:55:48Z/
url https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-50182
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-50182
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108077
reference_id 1108077
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108077
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2373800
reference_id 2373800
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2373800
10
reference_url https://github.com/advisories/GHSA-48p4-8xcf-vxj5
reference_id GHSA-48p4-8xcf-vxj5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-48p4-8xcf-vxj5
11
reference_url https://usn.ubuntu.com/7599-1/
reference_id USN-7599-1
reference_type
scores
url https://usn.ubuntu.com/7599-1/
fixed_packages
0
url pkg:deb/debian/python-urllib3@0?distro=trixie
purl pkg:deb/debian/python-urllib3@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@0%3Fdistro=trixie
1
url pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%3Fdistro=trixie
2
url pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.12-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-urllib3@2.3.0-3?distro=trixie
purl pkg:deb/debian/python-urllib3@2.3.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.3.0-3%3Fdistro=trixie
4
url pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.3.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
purl pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.6.3-2%3Fdistro=trixie
aliases CVE-2025-50182, GHSA-48p4-8xcf-vxj5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxkv-8f9g-47e9
1
url VCID-z965-xgv5-fqet
vulnerability_id VCID-z965-xgv5-fqet
summary Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9015
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18184
published_at 2026-04-08T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18098
published_at 2026-04-18T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18086
published_at 2026-04-16T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18142
published_at 2026-04-13T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18193
published_at 2026-04-12T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.1824
published_at 2026-04-11T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18237
published_at 2026-04-09T12:55:00Z
7
value 0.00058
scoring_system epss
scoring_elements 0.1819
published_at 2026-04-01T12:55:00Z
8
value 0.00058
scoring_system epss
scoring_elements 0.18345
published_at 2026-04-02T12:55:00Z
9
value 0.00058
scoring_system epss
scoring_elements 0.18399
published_at 2026-04-04T12:55:00Z
10
value 0.00058
scoring_system epss
scoring_elements 0.18099
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9015
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:N/A:N
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2017-98.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2017-98.yaml
3
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
4
reference_url https://github.com/urllib3/urllib3/commit/c32cdbc16a9634fa0f8c829d1270301570158715
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/c32cdbc16a9634fa0f8c829d1270301570158715
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9015
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9015
6
reference_url https://web.archive.org/web/20210123184150/http://www.securityfocus.com/bid/93941
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123184150/http://www.securityfocus.com/bid/93941
7
reference_url http://www.openwall.com/lists/oss-security/2016/10/27/6
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/10/27/6
8
reference_url http://www.securityfocus.com/bid/93941
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93941
9
reference_url https://github.com/advisories/GHSA-v4w5-p2hg-8fh6
reference_id GHSA-v4w5-p2hg-8fh6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v4w5-p2hg-8fh6
fixed_packages
0
url pkg:deb/debian/python-urllib3@0?distro=trixie
purl pkg:deb/debian/python-urllib3@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@0%3Fdistro=trixie
1
url pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%3Fdistro=trixie
2
url pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.12-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.3.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
purl pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.6.3-2%3Fdistro=trixie
aliases CVE-2016-9015, GHSA-v4w5-p2hg-8fh6, PYSEC-2017-98
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z965-xgv5-fqet
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@0%3Fdistro=trixie