VulnerableCode Package Details - pkg:pypi/requests@2.32.4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/requests@2.32.4

Essentials
History (3)

purl	pkg:pypi/requests@2.32.4

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-stx3-z3wu-pbat	Requests vulnerable to .netrc credentials leak via malicious URLs ### Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. ### Workarounds For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)). ### References https://github.com/psf/requests/pull/6965 https://seclists.org/fulldisclosure/2025/Jun/2	CVE-2024-47081 GHSA-9hjg-9r4m-mvj7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T04:57:56.643038+00:00	GHSA Importer	Fixing	VCID-stx3-z3wu-pbat	https://github.com/advisories/GHSA-9hjg-9r4m-mvj7	38.1.0
2026-04-02T12:41:30.765350+00:00	GitLab Importer	Fixing	VCID-stx3-z3wu-pbat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/requests/CVE-2024-47081.yml	38.0.0
2026-04-01T12:56:46.152855+00:00	GithubOSV Importer	Fixing	VCID-stx3-z3wu-pbat	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-9hjg-9r4m-mvj7/GHSA-9hjg-9r4m-mvj7.json	38.0.0