Search for packages
| purl | pkg:deb/debian/requests@2.0.0-1~bpo70%2B2 |
| Next non-vulnerable version | 2.32.3+dfsg-5 |
| Latest non-vulnerable version | 2.32.3+dfsg-5 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3nqp-s5gu-aaae
Aliases: CVE-2023-32681 GHSA-j8r2-6x86-q33q PYSEC-2023-74 |
Unintended leak of Proxy-Authorization header in requests |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-c4ud-sqr9-aaae
Aliases: CVE-2018-18074 GHSA-x84v-xcm2-53pg PYSEC-2018-28 |
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-ck1f-qh2d-aaab
Aliases: CVE-2015-2296 GHSA-pg2w-x9wp-vw92 PYSEC-2015-17 |
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. |
Affected by 2 other vulnerabilities. |
|
VCID-kvms-7ss9-aaap
Aliases: CVE-2014-1829 GHSA-cfj3-7x9c-4p3h PYSEC-2014-13 |
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. |
Affected by 2 other vulnerabilities. |
|
VCID-kx6u-xprg-aaar
Aliases: CVE-2014-1830 GHSA-652x-xj99-gmcc PYSEC-2014-14 |
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T17:53:05.593951+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:11:01.722114+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:58:18.272574+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:36:50.663194+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:24:17.449330+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T08:26:33.925135+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | None | 36.1.3 |
| 2025-06-21T00:55:07.841571+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | None | 36.1.3 |
| 2025-06-20T22:24:06.794667+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | None | 36.1.3 |
| 2025-06-20T20:16:35.451553+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | None | 36.1.3 |
| 2025-06-20T19:48:50.437791+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | None | 36.1.3 |
| 2025-06-08T13:16:13.646201+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:24:53.123175+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:04:45.241196+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:08:37.737171+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:54:41.833239+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:46:34.754455+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T02:07:53.475931+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | None | 36.1.0 |
| 2025-06-07T18:17:29.199432+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | None | 36.1.0 |
| 2025-06-07T15:48:20.680606+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | None | 36.1.0 |
| 2025-06-07T13:56:19.994517+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | None | 36.1.0 |
| 2025-06-07T13:40:57.778000+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | None | 36.1.0 |
| 2025-04-12T22:35:03.577612+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:19:52.823125+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:33:54.729760+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:04:11.017216+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:06:01.033685+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:36:50.673080+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:39:35.421763+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:25:53.134030+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:17:37.869569+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T00:39:49.034325+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | None | 36.0.0 |
| 2025-04-07T16:55:00.376817+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | None | 36.0.0 |
| 2025-04-07T14:19:07.545162+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | None | 36.0.0 |
| 2025-04-07T12:31:01.595037+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | None | 36.0.0 |
| 2025-04-07T12:16:17.226241+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | None | 36.0.0 |