Search for packages
Package details: pkg:deb/debian/requests@2.21.0-1
purl pkg:deb/debian/requests@2.21.0-1
Next non-vulnerable version 2.32.3+dfsg-5
Latest non-vulnerable version 2.32.3+dfsg-5
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-3nqp-s5gu-aaae
Aliases:
CVE-2023-32681
GHSA-j8r2-6x86-q33q
PYSEC-2023-74
Unintended leak of Proxy-Authorization header in requests
2.25.1+dfsg-2
Affected by 2 other vulnerabilities.
2.31.0+dfsg-1
Affected by 0 other vulnerabilities.
2.31.0+dfsg-2
Affected by 0 other vulnerabilities.
2.32.3+dfsg-1
Affected by 0 other vulnerabilities.
2.32.3+dfsg-4
Affected by 0 other vulnerabilities.
2.32.3+dfsg-5
Affected by 0 other vulnerabilities.
VCID-wsth-kwqz-aaak
Aliases:
CVE-2024-35195
GHSA-9wx4-h78v-vm56
Requests `Session` object does not verify requests after making first request with verify=False
2.32.3+dfsg-1
Affected by 0 other vulnerabilities.
2.32.3+dfsg-4
Affected by 0 other vulnerabilities.
2.32.3+dfsg-5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-c4ud-sqr9-aaae The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. CVE-2018-18074
GHSA-x84v-xcm2-53pg
PYSEC-2018-28

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-22T03:37:46.916510+00:00 Debian Importer Affected by VCID-wsth-kwqz-aaak https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T17:53:05.605550+00:00 Debian Oval Importer Fixing VCID-c4ud-sqr9-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:36:50.673871+00:00 Debian Oval Importer Affected by VCID-3nqp-s5gu-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T08:26:33.935828+00:00 Debian Oval Importer Affected by VCID-3nqp-s5gu-aaae None 36.1.3
2025-06-20T20:16:35.459639+00:00 Debian Oval Importer Fixing VCID-c4ud-sqr9-aaae None 36.1.3
2025-06-08T10:24:53.130781+00:00 Debian Oval Importer Fixing VCID-c4ud-sqr9-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:54:41.843165+00:00 Debian Oval Importer Affected by VCID-3nqp-s5gu-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T02:07:53.486306+00:00 Debian Oval Importer Affected by VCID-3nqp-s5gu-aaae None 36.1.0
2025-06-07T13:56:20.013206+00:00 Debian Oval Importer Fixing VCID-c4ud-sqr9-aaae None 36.1.0
2025-04-12T22:35:03.602576+00:00 Debian Oval Importer Fixing VCID-c4ud-sqr9-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:06:01.061476+00:00 Debian Oval Importer Fixing VCID-c4ud-sqr9-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:25:53.160029+00:00 Debian Oval Importer Affected by VCID-3nqp-s5gu-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T00:39:49.061384+00:00 Debian Oval Importer Affected by VCID-3nqp-s5gu-aaae None 36.0.0
2025-04-07T12:31:01.628116+00:00 Debian Oval Importer Fixing VCID-c4ud-sqr9-aaae None 36.0.0
2025-04-07T08:37:26.871936+00:00 Debian Importer Fixing VCID-c4ud-sqr9-aaae None 36.0.0
2025-04-05T21:52:01.977252+00:00 Debian Importer Affected by VCID-wsth-kwqz-aaak https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-02-21T22:12:22.116448+00:00 Debian Importer Affected by VCID-wsth-kwqz-aaak https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-19T02:16:44.648539+00:00 Debian Importer Fixing VCID-c4ud-sqr9-aaae None 35.1.0
2024-04-24T12:47:26.655402+00:00 Debian Importer Fixing VCID-c4ud-sqr9-aaae None 34.0.0rc4
2024-01-10T14:53:21.221163+00:00 Debian Importer Fixing VCID-c4ud-sqr9-aaae None 34.0.0rc2
2024-01-04T05:31:35.104485+00:00 Debian Importer Fixing VCID-c4ud-sqr9-aaae None 34.0.0rc1