Multiple HIGH severity vulnerabilities in urllib3 and virtualenv dependencies #6684

Description

@shunfeng8421

Security Vulnerability Report: Dependencies with HIGH/Critical Vulnerabilities

Static analysis found multiple HIGH severity vulnerabilities in project dependencies:

🚨 HIGH Severity Vulnerabilities:

urllib3 (4 vulnerabilities):

| CVE | Vuln ID | Summary |
| --- | --- | --- |
| CVE-2025-66471 | GHSA-2xpw-w6gg-jr37 | Streaming API decompression bomb |
| CVE-2026-21441 | GHSA-38jv-5279-wg99 | Decompression-bomb bypassed |
| CVE-2025-66418 | GHSA-gm62-xv2j-4w53 | Unbounded decompression chain |
| CVE-2026-44431 | GHSA-qccp-gfcp-xxvc | Sensitive headers forwarded across origins |

virtualenv (1 vulnerability):

| CVE | Vuln ID | Summary |
| --- | --- | --- |
| CVE-2025-64760 | GHSA-rqc4-2hc7-8c8v | Command injection through activation scripts |

💡 Suggested Action:

Consider upgrading these dependencies to their latest patched versions.
This issue was generated by Code Health Auditor's automated dependency vulnerability scanner. Data source: Google OSV Database.
