requests
requests has 2 known security vulnerabilities in PyPI (Python). Upgrade to version 2.32.4 or later to resolve all known issues. Data sourced from OSV, enriched with EPSS exploit probability and CISA KEV.
Recommended safe version: 2.32.4
Upgrading to 2.32.4 or later resolves all 2 known vulnerabilities in requests. Run: pip install "requests>=2.32.4"
Is requests in your project?
Check if you're affected and upgrade to 2.32.4 to stay secure.
Vulnerabilities
2 unique vulnerabilities — sorted by severity. Click a CVE/GHSA ID for full details.
| CVE / GHSA | Severity | Affected | Fixed In |
|---|---|---|---|
| GHSA-9hjg-9r4m-mvj7 Requests vulnerable to .netrc credentials leak via malicious URLs | MODERATE | 0.0.1, 0.10.0, 0.10.1, 0.10.2 (+151 more) | 2.32.4 |
| GHSA-9wx4-h78v-vm56 Requests `Session` object does not verify requests after making first request with verify=False | MODERATE | 0.0.1, 0.10.0, 0.10.1, 0.10.2 (+147 more) | 2.32.0 |
About This Data
Vulnerability data for requests is sourced from the Open Source Vulnerability (OSV) database, aggregating reports from GitHub Advisory Database, NIST NVD, and ecosystem-specific sources.
CVSS (Common Vulnerability Scoring System) scores reflect exploitability and impact. EPSS (Exploit Prediction Scoring System) scores indicate the probability of exploitation within the next 30 days. Vulnerabilities marked with are listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Check Your Dependencies
Scan your project to check if you're using a vulnerable version of requests.