All httpx CVEs — Complete Vulnerability History
httpx is Python's modern HTTP client with async support. The main CVE is a redirect that downgrades from HTTPS to HTTP, potentially exposing credentials.
PyPI
20M+ weekly downloads
1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2023-47641 | 2023 | MEDIUM | URL redirect via HTTPS to HTTP downgrade | Fixed 0.27.0 |
Current safe version: 0.27.0
# Before httpx==0.24.0
# After httpx==0.27.0
Then run: pip install -r requirements.txt
Paste your manifest — get a fixed version with all CVEs patched in seconds.
Open PackageFix →Free · No signup · No CLI · Runs in your browser
Common questions
Is httpx safer than requests?
httpx has a shorter CVE history than requests simply because it's newer. Both are actively maintained. httpx adds async support and HTTP/2 — worth using for new projects.