Follow-redirects Project Follow-redirects — known CVE vulnerabilities
Every CVE whose affected-product data names Follow-redirects Project Follow-redirects, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-40895 — CVSS 7.5 (high): follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior…
CVE-2022-0155 — CVSS 6.5 (medium): follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-28849 — CVSS 6.5 (medium): follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In…
CVE-2022-0536 — CVSS 2.6 (low): Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.