Security: multiple requests advisories appear reachable in deepwiki-open #537

Description

@hamizan-azman

Summary

During local dependency-impact validation, we observed behavior indicating that
AsyncFuncAI/deepwiki-open reaches code paths involving vulnerable requests versions. Please review
whether the project currently pins or allows affected requests releases, and upgrade or constrain
the dependency if needed.

Affected dependency

Advisories observed

Local validation notes

  • CVE-2018-18074, requests 2.19.1: Local proof showed sensitive Authorization header material in local output.
  • CVE-2024-47081, requests 2.32.3: Local proof showed sensitive Authorization header material in local output.
  • CVE-2014-1830, requests 2.2.1: Local proof showed sensitive Authorization header material in local output.
  • CVE-2014-1829, requests 2.19.1: Local proof showed sensitive Authorization header material in local output.

Suggested fix

Please upgrade requests to a version that includes the upstream security fixes for the advisories
above, or add a dependency constraint that prevents affected versions from being installed.

Disclosure note

We have not opened a public security issue elsewhere for these rows. If you prefer a private disclosure route, please point us to the right channel.
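An added example (not the reporter's or the project's code) of the constraint check the suggested fix asks for: it reads a requirements file and reports which of the advisories listed above still have their affected release admitted by the project's `requests` specifier. The version table is constructed from the issue's own rows, and the comparator assumes plain numeric versions with the `==`, `!=`, `<`, `<=`, `>`, `>=` operators.

```python
import re
from typing import List, Tuple

# Affected requests releases exactly as listed in the issue above
# (constructed for this added example; fixed versions are not asserted here).
AFFECTED = {
    "CVE-2018-18074": "2.19.1",
    "CVE-2024-47081": "2.32.3",
    "CVE-2014-1830": "2.2.1",
    "CVE-2014-1829": "2.19.1",
}

_OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
        ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def parse_version(v: str) -> Tuple[int, ...]:
    """'2.32.3' -> (2, 32, 3); pads so that '2.3' compares equal to '2.3.0'."""
    parts = tuple(int(p) for p in v.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def allows(specifier: str, version: str) -> bool:
    """True if a specifier such as '>=2.19,<2.33' admits the given version."""
    spec = specifier.strip()
    if not spec:
        return True  # no constraint at all: any release may be installed
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(==|!=|>=|<=|>|<)\s*([0-9.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True

def requests_specifier(requirements: str) -> str:
    """Specifier on the 'requests' line of a requirements file ('' if unpinned or absent).
    Ignores comments and does not confuse 'requests-oauthlib' with 'requests'."""
    for line in requirements.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"requests(?:\[[^\]]*\])?\s*([<>=!].*)?", line, re.IGNORECASE)
        if m:
            return (m.group(1) or "").strip()
    return ""

def reachable_advisories(requirements: str) -> List[str]:
    """CVE ids from the issue whose affected release the file still permits."""
    spec = requests_specifier(requirements)
    return sorted(cve for cve, ver in AFFECTED.items() if allows(spec, ver))
```

An absent `requests` line is reported as permitting every listed release, since with no constraint nothing stops an affected version from being resolved transitively.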
