Browse all 4 CVE security advisories affecting follow-redirects. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Follow-redirects is a library designed to handle HTTP redirects in web requests, commonly used in web scraping, API clients, and automation tools. Historically, it has been associated with vulnerabilities like open redirects, server-side request forgery (SSRF), and cross-site scripting (XSS) due to improper validation of redirect targets. The library's handling of redirects can lead to security issues if it blindly follows untrusted URLs, potentially exposing applications to attacks. Four CVEs have been recorded, primarily involving improper redirect handling that could enable RCE or data exfiltration. While no major incidents are widely documented, the consistent pattern of vulnerabilities highlights the risks of uncritical redirect following in security-sensitive applications.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40895 | follow-redirects: Custom Authentication Headers Leaked to Cross-Domain Redirect Targets — follow-redirectsCWE-200 | 6.1AI | MediumAI | 2026-04-21 |
| CVE-2024-28849 | Proxy-Authorization header kept across hosts in follow-redirects — follow-redirectsCWE-200 | 6.5 | Medium | 2024-03-14 |
| CVE-2022-0536 | Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects/follow-redirects — follow-redirects/follow-redirectsCWE-212 | 2.6 | Low | 2022-02-09 |
| CVE-2022-0155 | Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects — follow-redirects/follow-redirectsCWE-359 | 6.5 | - | 2022-01-10 |
This page lists every published CVE security advisory associated with follow-redirects. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.