All OkHttp CVEs — Complete Vulnerability History
OkHttp is the most widely used HTTP client for Android and Java. It is used by Retrofit, Coil, and many major Android and server-side applications.
Java/Maven
Millions weekly downloads
2 CVEs total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2021-0341 | 2021 | HIGH | Certificate hostname verification bypass | Fixed 4.9.1 |
| CVE-2023-0833 | 2023 | HIGH | Certificate pinning bypass via crafted cert | Fixed 4.11.0 |
Current safe version: 4.12.0
# Before: 4.10.0
# After: 4.12.0
Then run: mvn dependency:resolve
Common questions
Is OkHttp safe for HTTPS connections?
OkHttp 4.12.0 addresses all known certificate verification CVEs. Always implement certificate pinning for sensitive Android applications and keep OkHttp updated.