cargo / reqwest

reqwest

cargo

higher level HTTP client library

Audits

PE Patrick Elsen 2026-05-28

reqwest@0.13.4 · 1 finding

reqwest 0.13.4 is a high-level Rust HTTP client built on hyper, tower, and rustls. Five unsafe blocks were reviewed and found sound. Redirect handling correctly strips Authorization and Cookie headers on cross-origin redirects; TLS defaults to rustls with platform certificate verification enabled. One medium-severity finding: no default request, read, or connect timeout is set, which callers must configure explicitly to avoid indefinitely stalled connections.

concurrency-documentedconcurrency-safecrypto-safeenvironment-safehas-binarieshas-build-exechas-fuzz-testshas-install-exechas-integration-testshas-property-testshas-unit-testsimpl-algorithmimpl-concurrencyimpl-cryptoimpl-datastructureimpl-interpreterimpl-jitimpl-parserimpl-protocolis-benignnetwork-safenetwork-secureunsafe-documentedunsafe-minimalunsafe-safeuses-concurrencyuses-cryptouses-environmentuses-execuses-filesystemuses-interpreteruses-jituses-networkuses-unsafe