Security context
What an agent needs to avoid regressing past fixes — and find the next bug in this project.
16
Advisories
16
CVEs
High
Peak severity
16
With fix diff
Distribution
By severity
High
1
Medium
10
Unrated
5
By weakness class
Other
11
Information Disclosure
3
Secrets / Crypto
2
Every fixed vulnerability (16)
Medium10 fixed
MediumRequests vulnerable to .netrc credentials leak via malicious URLsCVE-2024-470819d agoMediumRequests `Session` object does not verify requests after making first request with verify=FalseCVE-2024-351959d agoMediumRequests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system teCVE-2026-256453mo agoMediumRequests has Insecure Temp File Reuse in its extract_zipped_paths() utility functionCVE-2026-256453mo agoMediumRequests vulnerable to .netrc credentials leak via malicious URLsCVE-2024-470811y agoMediumRequests `Session` object does not verify requests after making first request with verify=FalseCVE-2024-351952y agoMediumUnintended leak of Proxy-Authorization header in requestsCVE-2023-326813y agoMediumExposure of Sensitive Information to an Unauthorized Actor in RequestsCVE-2014-18294y agoMediumExposure of Sensitive Information to an Unauthorized Actor in RequestsCVE-2014-18304y agoMediumPython Requests Session FixationCVE-2015-22964y ago
Unrated5 fixed
UnratedRequests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `reCVE-2023-326813y agoUnratedThe Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to disCVE-2018-180747y agoUnratedThe resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.CVE-2015-229611y agoUnratedRequests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.CVE-2014-182911y agoUnratedRequests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.CVE-2014-183011y ago