[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-20060":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":64,"related":65,"reserved_at":9,"published_at":75,"modified_at":76,"state":77,"summary":78,"references_raw":87,"kevs":219,"epss":220,"epss_history":223,"metrics":492,"affected":506},"CVE-2018-20060","urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[20,21],"GHSA-www2-v7xj-xrc6","PYSEC-2018-32",[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62],{"_key":25},"SUSE-SU-2019:2300-1",{"_key":27},"SUSE-SU-2019:2331-1",{"_key":29},"SUSE-SU-2019:2370-1",{"_key":31},"SUSE-SU-2019:2399-1",{"_key":33},"UBUNTU-CVE-2018-20060",{"_key":35},"OPENSUSE-SU-2019:2131-1",{"_key":37},"OPENSUSE-SU-2024:11277-1",{"_key":39},"OPENSUSE-SU-2024:14055-1",{"_key":41},"OPENSUSE-SU-2024:14144-1",{"_key":43},"DLA-2686-1",{"_key":45},"RHSA-2019:2272",{"_key":47},"RHSA-2020:0850",{"_key":49},"RHSA-2020:0851",{"_key":51},"RHSA-2020:1605",{"_key":53},"RHSA-2020:1916",{"_key":55},"RHSA-2020:2068",{"_key":57},"RHSA-2020:2081",{"_key":59},"MGASA-2019-0258",{"_key":61},"USN-3990-1",{"_key":63},"DEBIAN-CVE-2018-20060",[],[66,67,68,69,70,71,72,73,74],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":59},"2018-12-11T17:00:00.000Z","2024-12-27T16:02:59.523Z","Modified",{"cisa_kev":79,"cisa_ransomware":79,"cisa_vendor":9,"epss_severity":80,"epss_score":81,"severity":82,"severity_score":83,"severity_version":84,"severity_source":85,"severity_vector":86,"severity_status":77},false,"low",0.00656,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[88,98,102,107,114,120,124,128,133,139,144,150,154,158,162,166,170,174,178,182,186,190,194,199,203,207,211,215],{"url":89,"sources":90,"tags":93},"https://github.com/urllib3/urllib3/issues/1316",[91,85,92],"cve.org","osv_pypi",[94,95,96,97],"X Refsource MISC","Third Party Advisory","WEB","REPORT",{"url":99,"sources":100,"tags":101},"https://github.com/urllib3/urllib3/pull/1346",[91,85,92],[94,95,96],{"url":103,"sources":104,"tags":105},"https://github.com/urllib3/urllib3/blob/master/CHANGES.rst",[91,85,92],[94,106,95,96],"Release Notes",{"url":108,"sources":109,"tags":110},"https://bugzilla.redhat.com/show_bug.cgi?id=1649153",[91,85,92],[94,111,112,113,95,96,97],"Issue Tracking","Mitigation","Patch",{"url":115,"sources":116,"tags":117},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/",[91,85],[118,119],"Vendor Advisory","X Refsource FEDORA",{"url":121,"sources":122,"tags":123},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/",[91,85],[118,119],{"url":125,"sources":126,"tags":127},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/",[91,85],[118,119],{"url":129,"sources":130,"tags":131},"https://usn.ubuntu.com/3990-1/",[91,85,92],[118,132,96],"X Refsource UBUNTU",{"url":134,"sources":135,"tags":136},"https://access.redhat.com/errata/RHSA-2019:2272",[91,85,92],[118,137,96,138],"X Refsource REDHAT","Advisory",{"url":140,"sources":141,"tags":142},"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html",[91,85,92],[118,143,96],"X Refsource SUSE",{"url":145,"sources":146,"tags":147},"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html",[91,85,92],[148,149,96],"Mailing List","X Refsource MLIST",{"url":151,"sources":152,"tags":153},"https://security.netapp.com/advisory/ntap-20241227-0010/",[91,85],[],{"url":155,"sources":156,"tags":157},"https://nvd.nist.gov/vuln/detail/CVE-2018-20060",[92],[138],{"url":159,"sources":160,"tags":161},"https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532",[92],[96],{"url":163,"sources":164,"tags":165},"https://usn.ubuntu.com/3990-1",[92],[96],{"url":167,"sources":168,"tags":169},"https://security.netapp.com/advisory/ntap-20241227-0010",[92],[96],{"url":171,"sources":172,"tags":173},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ",[92],[96],{"url":175,"sources":176,"tags":177},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT",[92],[96],{"url":179,"sources":180,"tags":181},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD",[92],[96],{"url":183,"sources":184,"tags":185},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ",[92],[96],{"url":187,"sources":188,"tags":189},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT",[92],[96],{"url":191,"sources":192,"tags":193},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD",[92],[96],{"url":195,"sources":196,"tags":197},"https://github.com/urllib3/urllib3",[92],[198],"PACKAGE",{"url":200,"sources":201,"tags":202},"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2018-32.yaml",[92],[96],{"url":204,"sources":205,"tags":206},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/",[92],[96],{"url":208,"sources":209,"tags":210},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/",[92],[96],{"url":212,"sources":213,"tags":214},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/",[92],[96],{"url":216,"sources":217,"tags":218},"https://github.com/advisories/GHSA-www2-v7xj-xrc6",[92],[138],[],{"date":221,"score":81,"percentile":222},"2026-06-04",0.71404,[224,228,231,234,237,240,243,246,249,252,255,258,261,265,268,272,275,278,281,284,286,289,292,295,298,301,304,307,311,314,317,320,323,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,408,411,414,417,420,423,425,428,431,434,437,440,443,446,449,452,455,457,460,463,466,469,472,474,477,480,483,486,489],{"date":225,"score":226,"percentile":227},"2025-11-04",0.00434,0.62036,{"date":229,"score":226,"percentile":230},"2025-11-05",0.62022,{"date":232,"score":226,"percentile":233},"2025-11-06",0.6203,{"date":235,"score":226,"percentile":236},"2025-11-07",0.62048,{"date":238,"score":226,"percentile":239},"2025-11-08",0.62053,{"date":241,"score":226,"percentile":242},"2025-11-09",0.62046,{"date":244,"score":226,"percentile":245},"2025-11-10",0.62025,{"date":247,"score":226,"percentile":248},"2025-11-11",0.62038,{"date":250,"score":226,"percentile":251},"2025-11-12",0.62063,{"date":253,"score":226,"percentile":254},"2025-11-13",0.62071,{"date":256,"score":226,"percentile":257},"2025-11-14",0.62079,{"date":259,"score":226,"percentile":260},"2025-11-15",0.6207,{"date":262,"score":263,"percentile":264},"2025-11-16",0.00471,0.63796,{"date":266,"score":263,"percentile":267},"2025-11-17",0.63795,{"date":269,"score":270,"percentile":271},"2025-11-18",0.01343,0.78331,{"date":273,"score":270,"percentile":274},"2025-11-19",0.78339,{"date":276,"score":270,"percentile":277},"2025-11-20",0.78346,{"date":279,"score":263,"percentile":280},"2025-11-21",0.63806,{"date":282,"score":263,"percentile":283},"2025-11-22",0.63813,{"date":285,"score":263,"percentile":267},"2025-11-23",{"date":287,"score":263,"percentile":288},"2025-11-24",0.63787,{"date":290,"score":263,"percentile":291},"2025-11-25",0.63789,{"date":293,"score":263,"percentile":294},"2025-11-26",0.63792,{"date":296,"score":263,"percentile":297},"2025-11-27",0.63797,{"date":299,"score":263,"percentile":300},"2025-11-28",0.63775,{"date":302,"score":263,"percentile":303},"2025-11-29",0.63745,{"date":305,"score":263,"percentile":306},"2025-11-30",0.63737,{"date":308,"score":309,"percentile":310},"2025-12-01",0.0093,0.75492,{"date":312,"score":309,"percentile":313},"2025-12-02",0.75499,{"date":315,"score":309,"percentile":316},"2025-12-03",0.75487,{"date":318,"score":263,"percentile":319},"2025-12-04",0.63752,{"date":321,"score":263,"percentile":322},"2025-12-05",0.63765,{"date":324,"score":263,"percentile":322},"2025-12-06",{"date":326,"score":263,"percentile":327},"2025-12-07",0.63759,{"date":329,"score":263,"percentile":330},"2025-12-08",0.63767,{"date":332,"score":263,"percentile":333},"2025-12-09",0.63799,{"date":335,"score":263,"percentile":336},"2025-12-10",0.63845,{"date":338,"score":263,"percentile":339},"2025-12-11",0.63862,{"date":341,"score":263,"percentile":342},"2025-12-12",0.63881,{"date":344,"score":263,"percentile":345},"2025-12-13",0.63888,{"date":347,"score":263,"percentile":348},"2025-12-14",0.63887,{"date":350,"score":263,"percentile":351},"2025-12-15",0.6388,{"date":353,"score":263,"percentile":354},"2025-12-16",0.63896,{"date":356,"score":263,"percentile":357},"2025-12-17",0.6391,{"date":359,"score":263,"percentile":360},"2025-12-18",0.63946,{"date":362,"score":263,"percentile":363},"2025-12-19",0.63963,{"date":365,"score":263,"percentile":366},"2025-12-20",0.6396,{"date":368,"score":263,"percentile":369},"2025-12-21",0.63949,{"date":371,"score":263,"percentile":372},"2025-12-22",0.63942,{"date":374,"score":263,"percentile":375},"2025-12-23",0.63951,{"date":377,"score":263,"percentile":378},"2025-12-24",0.63959,{"date":380,"score":263,"percentile":381},"2025-12-25",0.63984,{"date":383,"score":263,"percentile":384},"2025-12-26",0.63985,{"date":386,"score":263,"percentile":387},"2025-12-27",0.64027,{"date":389,"score":263,"percentile":390},"2025-12-28",0.63961,{"date":392,"score":263,"percentile":393},"2025-12-29",0.6395,{"date":395,"score":263,"percentile":396},"2025-12-30",0.63966,{"date":398,"score":263,"percentile":399},"2025-12-31",0.63992,{"date":401,"score":309,"percentile":402},"2026-01-01",0.75707,{"date":404,"score":309,"percentile":405},"2026-01-02",0.75711,{"date":407,"score":309,"percentile":405},"2026-01-03",{"date":409,"score":263,"percentile":410},"2026-01-04",0.6399,{"date":412,"score":263,"percentile":413},"2026-01-05",0.63983,{"date":415,"score":263,"percentile":416},"2026-01-06",0.63978,{"date":418,"score":263,"percentile":419},"2026-01-07",0.63997,{"date":421,"score":263,"percentile":422},"2026-01-08",0.64019,{"date":424,"score":263,"percentile":422},"2026-01-09",{"date":426,"score":263,"percentile":427},"2026-01-10",0.64018,{"date":429,"score":263,"percentile":430},"2026-01-11",0.64007,{"date":432,"score":263,"percentile":433},"2026-01-12",0.63989,{"date":435,"score":263,"percentile":436},"2026-01-13",0.63988,{"date":438,"score":263,"percentile":439},"2026-01-14",0.64025,{"date":441,"score":263,"percentile":442},"2026-01-15",0.64041,{"date":444,"score":263,"percentile":445},"2026-01-16",0.64062,{"date":447,"score":263,"percentile":448},"2026-01-17",0.6405,{"date":450,"score":263,"percentile":451},"2026-01-18",0.64044,{"date":453,"score":263,"percentile":454},"2026-01-19",0.6403,{"date":456,"score":263,"percentile":451},"2026-01-20",{"date":458,"score":263,"percentile":459},"2026-01-21",0.64046,{"date":461,"score":263,"percentile":462},"2026-01-22",0.64053,{"date":464,"score":263,"percentile":465},"2026-01-23",0.64084,{"date":467,"score":263,"percentile":468},"2026-01-24",0.64088,{"date":470,"score":263,"percentile":471},"2026-01-25",0.64054,{"date":473,"score":263,"percentile":442},"2026-01-26",{"date":475,"score":263,"percentile":476},"2026-01-27",0.64051,{"date":478,"score":263,"percentile":479},"2026-01-28",0.6406,{"date":481,"score":263,"percentile":482},"2026-01-29",0.64061,{"date":484,"score":263,"percentile":485},"2026-01-30",0.6407,{"date":487,"score":263,"percentile":488},"2026-01-31",0.64073,{"date":490,"score":309,"percentile":491},"2026-02-01",0.75783,[493,501],{"source":85,"cvss_v2_0":494,"cvss_v3_0":499,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":495,"baseSeverity":9,"vectorString":496,"impactScore":497,"exploitabilityScore":498},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":83,"baseSeverity":500,"vectorString":86,"impactScore":83,"exploitabilityScore":498},"CRITICAL",{"source":92,"cvss_v2_0":9,"cvss_v3_0":502,"cvss_v3_1":9,"cvss_v4_0":503},{"baseScore":83,"baseSeverity":9,"vectorString":86,"impactScore":83,"exploitabilityScore":498},{"baseScore":504,"baseSeverity":9,"vectorString":505,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[507,519,530],{"ecosystem":9,"name":508,"vendor":509,"product":508,"cpe_part":510,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":511},"fedora","fedoraproject","o",[512,515,517],{"version":513,"is_range":79,"range_type":514,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"28","cpe",{"version":516,"is_range":79,"range_type":514,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":518,"is_range":79,"range_type":514,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":520,"name":521,"vendor":520,"product":521,"cpe_part":9,"purl_type":522,"purl_namespace":9,"purl_name":521,"source":9,"versions":523},"PyPI","urllib3","pypi",[524],{"version":525,"is_range":526,"range_type":527,"version_start":9,"version_start_type":9,"version_end":528,"version_end_type":529,"fixed_in":9},"lt1_23",true,"ecosystem","1.23","excluding",{"ecosystem":9,"name":521,"vendor":531,"product":521,"cpe_part":532,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":533},"python","a",[534],{"version":535,"is_range":526,"range_type":514,"version_start":9,"version_start_type":9,"version_end":528,"version_end_type":529,"fixed_in":9},"lt1.23"]