[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-66471":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":160,"related":161,"reserved_at":9,"published_at":186,"modified_at":187,"state":188,"summary":189,"references_raw":198,"kevs":224,"epss":225,"epss_history":228,"metrics":502,"affected":516},"CVE-2025-66471","urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-409","Improper Handling of Highly Compressed Data (Data Amplification)","The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.","weakness","Incomplete","Base",[],[],[21],"GHSA-2xpw-w6gg-jr37",[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158],{"_key":25},"ALPINE-CVE-2025-66471",{"_key":27},"SUSE-SU-2026:0635-1",{"_key":29},"SUSE-SU-2026:0443-1",{"_key":31},"SUSE-SU-2026:20175-1",{"_key":33},"SUSE-SU-2026:20189-1",{"_key":35},"SUSE-SU-2026:20443-1",{"_key":37},"SUSE-SU-2026:20485-1",{"_key":39},"SUSE-SU-2026:20591-1",{"_key":41},"SUSE-SU-2026:0367-1",{"_key":43},"OPENSUSE-SU-2026:10026-1",{"_key":45},"OPENSUSE-SU-2026:10096-1",{"_key":47},"OPENSUSE-SU-2026:20127-1",{"_key":49},"OPENSUSE-SU-2026:20271-1",{"_key":51},"SUSE-SU-2026:1067-1",{"_key":53},"SUSE-SU-2026:1412-1",{"_key":55},"USN-7927-1",{"_key":57},"USN-7927-2",{"_key":59},"USN-7927-3",{"_key":61},"DEBIAN-CVE-2025-66471",{"_key":63},"USN-8344-1",{"_key":65},"RHSA-2026:11722",{"_key":67},"RHSA-2026:1706",{"_key":69},"RHSA-2026:1717",{"_key":71},"RHSA-2026:1734",{"_key":73},"RHSA-2026:1735",{"_key":75},"RHSA-2026:1791",{"_key":77},"RHSA-2026:1792",{"_key":79},"RHSA-2026:1793",{"_key":81},"RHSA-2026:1794",{"_key":83},"RHSA-2026:1795",{"_key":85},"RHSA-2026:1803",{"_key":87},"RHSA-2026:1805",{"_key":89},"RHSA-2026:2060",{"_key":91},"RHSA-2026:2760",{"_key":93},"RHSA-2026:9031",{"_key":95},"UBUNTU-CVE-2025-66471",{"_key":97},"USN-8344-3",{"_key":99},"RHSA-2026:1086",{"_key":101},"RHSA-2026:1087",{"_key":103},"RHSA-2026:1088",{"_key":105},"RHSA-2026:1089",{"_key":107},"RHSA-2026:1224",{"_key":109},"RHSA-2026:1226",{"_key":111},"RHSA-2026:1239",{"_key":113},"RHSA-2026:1240",{"_key":115},"RHSA-2026:1241",{"_key":117},"RHSA-2026:1249",{"_key":119},"RHSA-2026:1254",{"_key":121},"RHSA-2026:1485",{"_key":123},"RHSA-2026:1497",{"_key":125},"RHSA-2026:1506",{"_key":127},"RHSA-2026:1546",{"_key":129},"RHSA-2026:1618",{"_key":131},"RHSA-2026:1619",{"_key":133},"RHSA-2026:1674",{"_key":135},"RHSA-2026:1676",{"_key":137},"RHSA-2026:1693",{"_key":139},"RHSA-2026:1704",{"_key":141},"RHSA-2026:1712",{"_key":143},"RHSA-2026:1726",{"_key":145},"RHSA-2026:1729",{"_key":147},"RHSA-2026:1957",{"_key":149},"RHSA-2026:2717",{"_key":151},"RHSA-2026:2718",{"_key":153},"RHSA-2026:2723",{"_key":155},"RHSA-2026:2728",{"_key":157},"RHSA-2026:2764",{"_key":159},"RHSA-2026:2765",[],[162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,178,180,182,184],{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":177},"CGA-2239-48QP-FJHW",{"_key":179},"CGA-22XF-M2VJ-QVRM",{"_key":181},"CGA-7XHV-J2CH-9FVR",{"_key":183},"CGA-VJFW-755G-XQWM",{"_key":185},"CGA-3VV3-3897-WC6M","2025-12-05T16:06:08.531Z","2025-12-05T19:33:14.832Z","Analyzed",{"cisa_kev":190,"cisa_ransomware":190,"cisa_vendor":9,"epss_severity":191,"epss_score":192,"severity":193,"severity_score":194,"severity_version":195,"severity_source":196,"severity_vector":197,"severity_status":188},false,"low",0.00017,"high",8.9,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",[199,208,214,219],{"url":200,"sources":201,"tags":204},"https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",[196,202,203],"nvd","osv_pypi",[205,206,207],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":209,"sources":210,"tags":211},"https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",[196,202,203],[212,213,207],"X Refsource MISC","Patch",{"url":215,"sources":216,"tags":217},"https://nvd.nist.gov/vuln/detail/CVE-2025-66471",[203],[218],"Advisory",{"url":220,"sources":221,"tags":222},"https://github.com/urllib3/urllib3",[203],[223],"PACKAGE",[],{"date":226,"score":192,"percentile":227},"2026-06-04",0.04581,[229,233,236,240,243,246,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,295,298,301,304,306,309,312,315,318,321,324,328,331,334,337,340,343,346,349,352,355,358,361,365,368,371,374,377,380,383,386,389,392,395,398,400,403,406,409,412,415,418,421,424,427,430,433,437,440,443,446,449,452,455,458,461,464,467,470,473,476,479,482,485,488,491,493,496,499],{"date":230,"score":231,"percentile":232},"2025-12-06",0.00016,0.02678,{"date":234,"score":231,"percentile":235},"2025-12-07",0.02688,{"date":237,"score":238,"percentile":239},"2025-12-08",0.00014,0.01752,{"date":241,"score":238,"percentile":242},"2025-12-09",0.01769,{"date":244,"score":238,"percentile":245},"2025-12-10",0.01785,{"date":247,"score":248,"percentile":249},"2025-12-11",0.00018,0.03708,{"date":251,"score":248,"percentile":252},"2025-12-12",0.03726,{"date":254,"score":248,"percentile":255},"2025-12-13",0.03733,{"date":257,"score":248,"percentile":258},"2025-12-14",0.03728,{"date":260,"score":248,"percentile":261},"2025-12-15",0.03699,{"date":263,"score":248,"percentile":264},"2025-12-16",0.03716,{"date":266,"score":248,"percentile":267},"2025-12-17",0.03746,{"date":269,"score":248,"percentile":270},"2025-12-18",0.03763,{"date":272,"score":248,"percentile":273},"2025-12-19",0.03749,{"date":275,"score":248,"percentile":276},"2025-12-20",0.03751,{"date":278,"score":248,"percentile":279},"2025-12-21",0.03772,{"date":281,"score":248,"percentile":282},"2025-12-22",0.03744,{"date":284,"score":248,"percentile":285},"2025-12-23",0.03753,{"date":287,"score":248,"percentile":288},"2025-12-24",0.03759,{"date":290,"score":248,"percentile":291},"2025-12-25",0.03788,{"date":293,"score":248,"percentile":294},"2025-12-26",0.03783,{"date":296,"score":248,"percentile":297},"2025-12-27",0.03795,{"date":299,"score":248,"percentile":300},"2025-12-28",0.03784,{"date":302,"score":248,"percentile":303},"2025-12-29",0.03773,{"date":305,"score":248,"percentile":252},"2025-12-30",{"date":307,"score":248,"percentile":308},"2025-12-31",0.03734,{"date":310,"score":248,"percentile":311},"2026-01-01",0.03825,{"date":313,"score":248,"percentile":314},"2026-01-02",0.03818,{"date":316,"score":248,"percentile":317},"2026-01-03",0.03811,{"date":319,"score":248,"percentile":320},"2026-01-04",0.03698,{"date":322,"score":248,"percentile":323},"2026-01-05",0.03671,{"date":325,"score":326,"percentile":327},"2026-01-06",0.00019,0.04334,{"date":329,"score":326,"percentile":330},"2026-01-07",0.04356,{"date":332,"score":326,"percentile":333},"2026-01-08",0.04389,{"date":335,"score":326,"percentile":336},"2026-01-09",0.04392,{"date":338,"score":326,"percentile":339},"2026-01-10",0.04399,{"date":341,"score":326,"percentile":342},"2026-01-11",0.04379,{"date":344,"score":326,"percentile":345},"2026-01-12",0.04375,{"date":347,"score":326,"percentile":348},"2026-01-13",0.04367,{"date":350,"score":326,"percentile":351},"2026-01-14",0.04409,{"date":353,"score":326,"percentile":354},"2026-01-15",0.04325,{"date":356,"score":326,"percentile":357},"2026-01-16",0.04293,{"date":359,"score":326,"percentile":360},"2026-01-17",0.04291,{"date":362,"score":363,"percentile":364},"2026-01-18",0.00026,0.06481,{"date":366,"score":363,"percentile":367},"2026-01-19",0.06455,{"date":369,"score":363,"percentile":370},"2026-01-20",0.06416,{"date":372,"score":363,"percentile":373},"2026-01-21",0.06412,{"date":375,"score":363,"percentile":376},"2026-01-22",0.06379,{"date":378,"score":363,"percentile":379},"2026-01-23",0.06447,{"date":381,"score":363,"percentile":382},"2026-01-24",0.06492,{"date":384,"score":363,"percentile":385},"2026-01-25",0.06452,{"date":387,"score":363,"percentile":388},"2026-01-26",0.06439,{"date":390,"score":363,"percentile":391},"2026-01-27",0.06423,{"date":393,"score":363,"percentile":394},"2026-01-28",0.064,{"date":396,"score":363,"percentile":397},"2026-01-29",0.06399,{"date":399,"score":363,"percentile":370},"2026-01-30",{"date":401,"score":363,"percentile":402},"2026-01-31",0.06414,{"date":404,"score":363,"percentile":405},"2026-02-01",0.06465,{"date":407,"score":363,"percentile":408},"2026-02-02",0.0645,{"date":410,"score":363,"percentile":411},"2026-02-03",0.06446,{"date":413,"score":363,"percentile":414},"2026-02-04",0.06467,{"date":416,"score":363,"percentile":417},"2026-02-05",0.06516,{"date":419,"score":363,"percentile":420},"2026-02-06",0.06553,{"date":422,"score":363,"percentile":423},"2026-02-07",0.06565,{"date":425,"score":363,"percentile":426},"2026-02-08",0.06552,{"date":428,"score":363,"percentile":429},"2026-02-09",0.06519,{"date":431,"score":363,"percentile":432},"2026-02-10",0.06501,{"date":434,"score":435,"percentile":436},"2026-02-11",0.00027,0.07022,{"date":438,"score":435,"percentile":439},"2026-02-12",0.0705,{"date":441,"score":435,"percentile":442},"2026-02-13",0.06971,{"date":444,"score":435,"percentile":445},"2026-02-14",0.0696,{"date":447,"score":435,"percentile":448},"2026-02-15",0.06976,{"date":450,"score":435,"percentile":451},"2026-02-16",0.06963,{"date":453,"score":435,"percentile":454},"2026-02-17",0.06931,{"date":456,"score":435,"percentile":457},"2026-02-18",0.0728,{"date":459,"score":435,"percentile":460},"2026-02-19",0.07344,{"date":462,"score":435,"percentile":463},"2026-02-20",0.07335,{"date":465,"score":435,"percentile":466},"2026-02-21",0.07348,{"date":468,"score":435,"percentile":469},"2026-02-22",0.07337,{"date":471,"score":435,"percentile":472},"2026-02-23",0.07333,{"date":474,"score":435,"percentile":475},"2026-02-24",0.07317,{"date":477,"score":435,"percentile":478},"2026-02-25",0.07246,{"date":480,"score":435,"percentile":481},"2026-02-26",0.07194,{"date":483,"score":435,"percentile":484},"2026-02-27",0.0721,{"date":486,"score":435,"percentile":487},"2026-02-28",0.0722,{"date":489,"score":435,"percentile":490},"2026-03-01",0.07269,{"date":492,"score":435,"percentile":481},"2026-03-02",{"date":494,"score":435,"percentile":495},"2026-03-03",0.072,{"date":497,"score":435,"percentile":498},"2026-03-04",0.07138,{"date":500,"score":435,"percentile":501},"2026-03-05",0.07162,[503,506,514],{"source":196,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":504},{"baseScore":194,"baseSeverity":505,"vectorString":197,"impactScore":9,"exploitabilityScore":9},"HIGH",{"source":202,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":507,"cvss_v4_0":512},{"baseScore":508,"baseSeverity":505,"vectorString":509,"impactScore":510,"exploitabilityScore":511},7.5,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",6,10,{"baseScore":194,"baseSeverity":505,"vectorString":513,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":203,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":515},{"baseScore":194,"baseSeverity":9,"vectorString":197,"impactScore":9,"exploitabilityScore":9},[517,530,537],{"ecosystem":518,"name":519,"vendor":518,"product":519,"cpe_part":9,"purl_type":520,"purl_namespace":9,"purl_name":519,"source":9,"versions":521},"PyPI","urllib3","pypi",[522],{"version":523,"is_range":524,"range_type":525,"version_start":526,"version_start_type":527,"version_end":528,"version_end_type":529,"fixed_in":9},"gte1_0_lt2_6_0",true,"ecosystem","1.0","including","2.6.0","excluding",{"ecosystem":9,"name":519,"vendor":531,"product":519,"cpe_part":532,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":533},"python","a",[534],{"version":535,"is_range":524,"range_type":536,"version_start":526,"version_start_type":527,"version_end":528,"version_end_type":529,"fixed_in":9},"gte1.0_lt2.6.0","cpe",{"ecosystem":9,"name":519,"vendor":519,"product":519,"cpe_part":532,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":538},[539],{"version":540,"is_range":524,"range_type":196,"version_start":526,"version_start_type":527,"version_end":528,"version_end_type":529,"fixed_in":9},">= 1.0, \u003C 2.6.0"]