{"ecosystem":"pypi","package":"httpx","version":null,"bugs":[{"id":25,"ecosystem":"pypi","package_name":"httpx","affected_version":"0.27.0","fixed_version":"0.27.2","bug_id":"github:#3288","title":"AsyncClient hangs when response is closed before body is read","description":"Closing an AsyncClient response without consuming the body hung on the connection release. Workaround: always `await r.aread()` or use `async with`. Fixed in 0.27.2.","severity":"high","status":"closed","source":"github_issues","source_url":"https://github.com/encode/httpx/issues/3288","labels":["bug","async","hang"],"created_at":"2026-04-19T03:24:37.030057+00:00","updated_at":"2026-04-19T03:25:24.811294+00:00"},{"id":366,"ecosystem":"pypi","package_name":"httpx","affected_version":null,"fixed_version":"0.20.0","bug_id":"osv:PYSEC-2022-183","title":"PYSEC-2022-183: advisory","description":"Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/encode/httpx","labels":["CVE-2021-41945","GHSA-h8pj-cxx2-jfg2"],"created_at":"2026-04-19T04:31:22.811052+00:00","updated_at":"2026-04-19T04:31:22.811052+00:00"},{"id":365,"ecosystem":"pypi","package_name":"httpx","affected_version":null,"fixed_version":"0.23.0","bug_id":"osv:GHSA-h8pj-cxx2-jfg2","title":"Improper Input Validation in httpx","description":"Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.","severity":"critical","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41945","labels":["CVE-2021-41945","PYSEC-2022-183"],"created_at":"2026-04-19T04:31:22.810047+00:00","updated_at":"2026-04-19T04:31:22.810047+00:00"}],"total":3,"_cache":"miss"}