Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-c427-h43c-vf67 | PyPI/aiohttp | AIOHTTP accepts duplicate Host headers | 01 Apr | Fix available; Severity - 6.3 (Medium) |
| GHSA-63hf-3vf5-4wqf | PyPI/aiohttp | AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass | 01 Apr | Fix available; Severity - 2.7 (Low) |
| GHSA-mwh4-6h8g-pg8w | PyPI/aiohttp | AIOHTTP has HTTP response splitting via \r in reason phrase | 01 Apr | Fix available; Severity - 2.7 (Low) |
| GHSA-966j-vmvw-g2g9 | PyPI/aiohttp | AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect | 01 Apr | Fix available; Severity - 2.7 (Low) |
| GHSA-3wq7-rqq7-wx6j | PyPI/aiohttp | AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS | 01 Apr | Fix available; Severity - 2.7 (Low) |
| GHSA-m5qp-6w8w-w647 | PyPI/aiohttp | AIOHTTP has a Multipart Header Size Bypass | 01 Apr | Fix available; Severity - 6.6 (Medium) |
| GHSA-p998-jp59-783m | PyPI/aiohttp | AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows | 01 Apr | Fix available; Severity - 6.6 (Medium) |
| GHSA-2vrm-gr82-f7m5 | PyPI/aiohttp | AIOHTTP has CRLF injection through multipart part content type header construction | 01 Apr | Fix available; Severity - 2.7 (Low) |
| GHSA-hcc4-c3v8-rx92 | PyPI/aiohttp | AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector | 01 Apr | Fix available; Severity - 2.7 (Low) |
| GHSA-w2fm-2cpv-w7v5 | PyPI/aiohttp | aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage | 01 Apr | Fix available; Severity - 6.9 (Medium) |
| GHSA-fh55-r93g-j68g | PyPI/aiohttp | AIOHTTP Vulnerable to Cookie Parser Warning Storm | 05 Jan | Fix available; Severity - 2.7 (Low) |
| GHSA-g84x-mcqj-x9qq | PyPI/aiohttp | AIOHTTP vulnerable to DoS through chunked messages | 05 Jan | Fix available; Severity - 6.6 (Medium) |
| GHSA-6jhg-hg63-jvvf | PyPI/aiohttp | AIOHTTP vulnerable to denial of service through large payloads | 05 Jan | Fix available; Severity - 6.6 (Medium) |
| GHSA-jj3x-wxrx-4x23 | PyPI/aiohttp | AIOHTTP vulnerable to DoS when bypassing asserts | 05 Jan | Fix available; Severity - 6.6 (Medium) |
| GHSA-54jq-c3m8-4m76 | PyPI/aiohttp | AIOHTTP vulnerable to brute-force leak of internal static file path components | 05 Jan | Fix available; Severity - 2.7 (Low) |
| GHSA-mqqc-3gqh-h2x8 | PyPI/aiohttp | AIOHTTP has unicode match groups in regexes for ASCII protocol elements | 05 Jan | Fix available; Severity - 2.7 (Low) |