[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-9015":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":43,"related":44,"reserved_at":9,"published_at":50,"modified_at":51,"state":52,"summary":53,"references_raw":61,"kevs":101,"epss":102,"epss_history":105,"metrics":376,"affected":392},"CVE-2016-9015","Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-295","Improper Certificate Validation","The product does not validate, or incorrectly validates, a certificate.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-459","Creating a Rogue Certification Authority Certificate",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],[],[29,30],"GHSA-v4w5-p2hg-8fh6","PYSEC-2017-98",[],[33,35,37,39,41],{"_key":34},"SUSE-RU-2019:2627-1",{"_key":36},"SUSE-SU-2019:0139-1",{"_key":38},"OPENSUSE-SU-2024:10540-1",{"_key":40},"OPENSUSE-SU-2024:11277-1",{"_key":42},"OPENSUSE-SU-2024:14055-1",[],[45,46,47,48,49],{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},"2017-01-11T16:00:00.000Z","2024-08-06T02:35:02.302Z","Modified",{"cisa_kev":54,"cisa_ransomware":54,"cisa_vendor":9,"epss_severity":55,"epss_score":56,"severity":55,"severity_score":57,"severity_version":58,"severity_source":59,"severity_vector":60,"severity_status":52},false,"low",0.00038,3.7,"v3.0","nvd","CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",[62,72,79,84,88,92,97],{"url":63,"sources":64,"tags":67},"http://www.securityfocus.com/bid/93941",[65,59,66],"cve.org","osv_pypi",[68,69,70,71],"VDB Entry","X Refsource BID","Third Party Advisory","WEB",{"url":73,"sources":74,"tags":75},"http://www.openwall.com/lists/oss-security/2016/10/27/6",[65,59,66],[76,77,78,71],"Mailing List","X Refsource MLIST","Mitigation",{"url":80,"sources":81,"tags":82},"https://nvd.nist.gov/vuln/detail/CVE-2016-9015",[66],[83],"Advisory",{"url":85,"sources":86,"tags":87},"https://github.com/urllib3/urllib3/commit/c32cdbc16a9634fa0f8c829d1270301570158715",[66],[71],{"url":89,"sources":90,"tags":91},"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2017-98.yaml",[66],[71],{"url":93,"sources":94,"tags":95},"https://github.com/urllib3/urllib3",[66],[96],"PACKAGE",{"url":98,"sources":99,"tags":100},"https://web.archive.org/web/20210123184150/http://www.securityfocus.com/bid/93941",[66],[71],[],{"date":103,"score":56,"percentile":104},"2026-06-04",0.11671,[106,110,113,116,119,122,125,128,131,134,137,139,142,145,148,151,155,158,161,164,167,170,173,176,179,182,185,188,191,194,197,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,267,270,273,276,279,282,285,288,291,294,296,299,302,305,308,311,314,317,320,323,326,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373],{"date":107,"score":108,"percentile":109},"2025-11-04",0.00173,0.39064,{"date":111,"score":108,"percentile":112},"2025-11-05",0.39056,{"date":114,"score":108,"percentile":115},"2025-11-06",0.39059,{"date":117,"score":108,"percentile":118},"2025-11-07",0.39086,{"date":120,"score":108,"percentile":121},"2025-11-08",0.39078,{"date":123,"score":108,"percentile":124},"2025-11-09",0.39063,{"date":126,"score":108,"percentile":127},"2025-11-10",0.39027,{"date":129,"score":108,"percentile":130},"2025-11-11",0.39045,{"date":132,"score":108,"percentile":133},"2025-11-12",0.39087,{"date":135,"score":108,"percentile":136},"2025-11-13",0.39102,{"date":138,"score":108,"percentile":136},"2025-11-14",{"date":140,"score":108,"percentile":141},"2025-11-15",0.39096,{"date":143,"score":108,"percentile":144},"2025-11-16",0.39074,{"date":146,"score":108,"percentile":147},"2025-11-17",0.39049,{"date":149,"score":108,"percentile":150},"2025-11-18",0.3348,{"date":152,"score":153,"percentile":154},"2025-11-19",0.00053,0.11937,{"date":156,"score":153,"percentile":157},"2025-11-20",0.11954,{"date":159,"score":153,"percentile":160},"2025-11-21",0.16511,{"date":162,"score":153,"percentile":163},"2025-11-22",0.1652,{"date":165,"score":153,"percentile":166},"2025-11-23",0.16496,{"date":168,"score":153,"percentile":169},"2025-11-24",0.1646,{"date":171,"score":153,"percentile":172},"2025-11-25",0.1645,{"date":174,"score":153,"percentile":175},"2025-11-26",0.16436,{"date":177,"score":153,"percentile":178},"2025-11-27",0.16445,{"date":180,"score":153,"percentile":181},"2025-11-28",0.16432,{"date":183,"score":153,"percentile":184},"2025-11-29",0.16416,{"date":186,"score":153,"percentile":187},"2025-11-30",0.16419,{"date":189,"score":153,"percentile":190},"2025-12-01",0.16456,{"date":192,"score":153,"percentile":193},"2025-12-02",0.16469,{"date":195,"score":153,"percentile":196},"2025-12-03",0.16483,{"date":198,"score":153,"percentile":199},"2025-12-04",0.16446,{"date":201,"score":153,"percentile":202},"2025-12-05",0.16504,{"date":204,"score":153,"percentile":205},"2025-12-06",0.16514,{"date":207,"score":153,"percentile":208},"2025-12-07",0.16498,{"date":210,"score":153,"percentile":211},"2025-12-08",0.16507,{"date":213,"score":153,"percentile":214},"2025-12-09",0.16566,{"date":216,"score":153,"percentile":217},"2025-12-10",0.16616,{"date":219,"score":153,"percentile":220},"2025-12-11",0.16662,{"date":222,"score":56,"percentile":223},"2025-12-12",0.11189,{"date":225,"score":56,"percentile":226},"2025-12-13",0.1119,{"date":228,"score":56,"percentile":229},"2025-12-14",0.11192,{"date":231,"score":56,"percentile":232},"2025-12-15",0.11137,{"date":234,"score":56,"percentile":235},"2025-12-16",0.11123,{"date":237,"score":56,"percentile":238},"2025-12-17",0.11205,{"date":240,"score":56,"percentile":241},"2025-12-18",0.11252,{"date":243,"score":56,"percentile":244},"2025-12-19",0.11264,{"date":246,"score":56,"percentile":247},"2025-12-20",0.11267,{"date":249,"score":56,"percentile":250},"2025-12-21",0.11251,{"date":252,"score":56,"percentile":253},"2025-12-22",0.11222,{"date":255,"score":56,"percentile":256},"2025-12-23",0.11221,{"date":258,"score":56,"percentile":259},"2025-12-24",0.11231,{"date":261,"score":56,"percentile":262},"2025-12-25",0.11307,{"date":264,"score":265,"percentile":266},"2025-12-26",0.00058,0.18399,{"date":268,"score":265,"percentile":269},"2025-12-27",0.18387,{"date":271,"score":265,"percentile":272},"2025-12-28",0.18357,{"date":274,"score":265,"percentile":275},"2025-12-29",0.18316,{"date":277,"score":265,"percentile":278},"2025-12-30",0.18328,{"date":280,"score":265,"percentile":281},"2025-12-31",0.18391,{"date":283,"score":265,"percentile":284},"2026-01-01",0.1849,{"date":286,"score":265,"percentile":287},"2026-01-02",0.18486,{"date":289,"score":265,"percentile":290},"2026-01-03",0.18459,{"date":292,"score":265,"percentile":293},"2026-01-04",0.18349,{"date":295,"score":265,"percentile":275},"2026-01-05",{"date":297,"score":265,"percentile":298},"2026-01-06",0.18333,{"date":300,"score":265,"percentile":301},"2026-01-07",0.18367,{"date":303,"score":265,"percentile":304},"2026-01-08",0.18427,{"date":306,"score":265,"percentile":307},"2026-01-09",0.18428,{"date":309,"score":265,"percentile":310},"2026-01-10",0.18442,{"date":312,"score":265,"percentile":313},"2026-01-11",0.18408,{"date":315,"score":265,"percentile":316},"2026-01-12",0.18365,{"date":318,"score":265,"percentile":319},"2026-01-13",0.18341,{"date":321,"score":265,"percentile":322},"2026-01-14",0.18392,{"date":324,"score":265,"percentile":325},"2026-01-15",0.18393,{"date":327,"score":265,"percentile":304},"2026-01-16",{"date":329,"score":265,"percentile":330},"2026-01-17",0.18436,{"date":332,"score":265,"percentile":333},"2026-01-18",0.18373,{"date":335,"score":265,"percentile":336},"2026-01-19",0.18307,{"date":338,"score":265,"percentile":339},"2026-01-20",0.1829,{"date":341,"score":265,"percentile":342},"2026-01-21",0.18263,{"date":344,"score":265,"percentile":345},"2026-01-22",0.18188,{"date":347,"score":265,"percentile":348},"2026-01-23",0.18285,{"date":350,"score":265,"percentile":351},"2026-01-24",0.18312,{"date":353,"score":265,"percentile":354},"2026-01-25",0.18237,{"date":356,"score":265,"percentile":357},"2026-01-26",0.18141,{"date":359,"score":265,"percentile":360},"2026-01-27",0.1813,{"date":362,"score":265,"percentile":363},"2026-01-28",0.18134,{"date":365,"score":265,"percentile":366},"2026-01-29",0.18108,{"date":368,"score":265,"percentile":369},"2026-01-30",0.18123,{"date":371,"score":265,"percentile":372},"2026-01-31",0.18133,{"date":374,"score":265,"percentile":375},"2026-02-01",0.18159,[377,387],{"source":59,"cvss_v2_0":378,"cvss_v3_0":383,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":379,"baseSeverity":9,"vectorString":380,"impactScore":381,"exploitabilityScore":382},2.6,"AV:N/AC:H/Au:N/C:P/I:N/A:N",2.9,4.9,{"baseScore":57,"baseSeverity":384,"vectorString":60,"impactScore":385,"exploitabilityScore":386},"LOW",2.3,5.6,{"source":66,"cvss_v2_0":9,"cvss_v3_0":388,"cvss_v3_1":9,"cvss_v4_0":389},{"baseScore":57,"baseSeverity":9,"vectorString":60,"impactScore":385,"exploitabilityScore":386},{"baseScore":390,"baseSeverity":9,"vectorString":391,"impactScore":9,"exploitabilityScore":9},6.3,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",[393,406],{"ecosystem":394,"name":395,"vendor":394,"product":395,"cpe_part":9,"purl_type":396,"purl_namespace":9,"purl_name":395,"source":9,"versions":397},"PyPI","urllib3","pypi",[398],{"version":399,"is_range":400,"range_type":401,"version_start":402,"version_start_type":403,"version_end":404,"version_end_type":405,"fixed_in":9},"gte1_17_lt1_18_1",true,"ecosystem","1.17","including","1.18.1","excluding",{"ecosystem":9,"name":395,"vendor":407,"product":395,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":409},"python","a",[410,412],{"version":402,"is_range":54,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"cpe",{"version":413,"is_range":54,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.18"]