Requests — CVE history (PyPI)
Requests
7 CVEs affect the Requests PyPI package (highest CVSS 6.1). Latest disclosed: 2026-03-25. Full CVE history sourced from NVD.
Summary
- Package
Requests(PyPI)- Total CVEs
7- Actively exploited (CISA KEV)
- 0
- Highest CVSS
6.1- Latest disclosed
- 2026-03-25
Recent CVEs (top 7)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25645 | Medium | 4.4 | — | 2026-03-25 | Requests is a HTTP library. |
CVE-2024-47081 | Medium | 5.3 | — | 2025-06-09 | Requests is a HTTP library. |
CVE-2024-35195 | Medium | 5.6 | — | 2024-05-20 | Requests is a HTTP library. |
CVE-2023-32681 | Medium | 6.1 | — | 2023-05-26 | Requests is a HTTP library. |
CVE-2015-2296 | — | — | — | 2015-03-18 | The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. |
CVE-2014-1830 | — | — | — | 2014-10-15 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. |
CVE-2014-1829 | — | — | — | 2014-10-15 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. |
All-time worst (top 4 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32681 | Medium | 6.1 | — | 2023-05-26 | Requests is a HTTP library. |
CVE-2024-35195 | Medium | 5.6 | — | 2024-05-20 | Requests is a HTTP library. |
CVE-2024-47081 | Medium | 5.3 | — | 2025-06-09 | Requests is a HTTP library. |
CVE-2026-25645 | Medium | 4.4 | — | 2026-03-25 | Requests is a HTTP library. |