HTTPX Security Audit - Known Vulnerabilities and Fixes

Q: Is HTTPX safe to use?

HTTPX is actively maintained and widely used. As of 2026-05-24, there are 2 known vulnerabilities listed in the OSV database. Most have patches available. Keeping your dependencies updated and running regular security audits significantly reduces risk.

Q: What vulnerabilities does HTTPX have?

The OSV database currently lists 2 vulnerabilities for HTTPX. These range in severity and are detailed in the vulnerability table above. Check the linked advisories for full technical details and remediation guidance.

Q: How do I update HTTPX to fix vulnerabilities?

Run pip install --upgrade httpx to get the newest version. Use pip-audit or safety check to scan for known vulnerabilities. Pin your dependencies with a requirements file and review updates regularly.

HTTPX is a widely used PyPI package. As of 2026-05-24, there are 2 known vulnerabilities in the OSV database. The latest stable version is 0.28.1. Developers should audit their dependency trees and update to patched versions.

Package Overview

Package: httpx
Ecosystem: PyPI
Latest Version: 0.28.1
License: BSD-3-Clause
Description: The next generation HTTP client.
Repository: https://github.com/encode/httpx

Known Vulnerabilities (2)

ID	Severity	Score	Affected Versions	Fixed In	Description
CVE-2021-41945	CRITICAL	9.5	0 to 0.23.0	0.23.0	Improper Input Validation in httpx
CVE-2021-41945	UNKNOWN	-	0 to 0.20.0	0.20.0	Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

Security Recommendations

Pin HTTPX to the latest stable version (0.28.1) in your dependency manifest
Enable automated dependency updates with Dependabot or Renovate
Run regular vulnerability scans using pip-audit
Review your lock file (requirements.txt) after every update
Monitor the OSV database and NIST NVD for new advisories

FAQ

Is HTTPX safe to use?

HTTPX is actively maintained and widely used. As of 2026-05-24, there are 2 known vulnerabilities listed in the OSV database. Most have patches available. Keeping your dependencies updated and running regular security audits significantly reduces risk.

What vulnerabilities does HTTPX have?

The OSV database currently lists 2 vulnerabilities for HTTPX. These range in severity and are detailed in the vulnerability table above. Check the linked advisories for full technical details and remediation guidance.

How do I update HTTPX to fix vulnerabilities?

Run pip install --upgrade httpx to get the newest version. Use pip-audit or safety check to scan for known vulnerabilities. Pin your dependencies with a requirements file and review updates regularly.

Using AI-Generated Code with HTTPX?

Our vibe coding security audit checks for misconfigurations, exposed secrets and vulnerable dependencies in AI-generated codebases. If your project uses HTTPX, we can verify it is locked to a safe version and properly configured.

Get a Vibe Coding Security Audit

Package Overview

Known Vulnerabilities (2)

Security Recommendations

FAQ

Using AI-Generated Code with HTTPX?

Related Resources