Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-xcgm-r5h9-7989
  • PyPI/aiohttp
aiohttp: Incomplete websocket frame payloads bypass memory limits 15 Jun
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-4m7w-qmgq-4wj5
  • PyPI/aiohttp
aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections 15 Jun
  • Fix available
  • Severity - 2.7 (Low)
GHSA-9x8q-7h8h-wcw9
  • PyPI/aiohttp
aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect 15 Jun
  • Fix available
  • Severity - 1.7 (Low)
GHSA-4fvr-rgm6-gqmc
  • PyPI/aiohttp
aiohttp: HTTP/1 Pipelined Requests Queue Without Limit 15 Jun
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-g3cq-j2xw-wf74
  • PyPI/aiohttp
aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup 15 Jun
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-63hw-fmq6-xxg2
  • PyPI/aiohttp
aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines 15 Jun
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-hpj7-wq8m-9hgp
  • PyPI/aiohttp
aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges 15 Jun
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-2fqr-mr3j-6wp8
  • PyPI/aiohttp
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence 15 Jun
  • Fix available
  • Severity - 1.3 (Low)
GHSA-m6qw-4cw2-hm4m
  • PyPI/aiohttp
aiohttp: CRLF injection in multipart headers 15 Jun
  • Fix available
  • Severity - 2.7 (Low)
GHSA-hg6j-4rv6-33pg
  • PyPI/aiohttp
AIOHTTP is vulnerable to cross-origin redirect with per-request cookies 03 Jun
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-jg22-mg44-37j8
  • PyPI/aiohttp
AIOHTTP is Vulnerable to Deserialization of Untrusted Data 03 Jun
  • Fix available
  • Severity - 6.4 (Medium)
MAL-2026-3699
  • PyPI/aiohttp-util
Malicious code in aiohttp-util (PyPI) 13 May
  • No fix available
GHSA-c427-h43c-vf67
  • PyPI/aiohttp
AIOHTTP accepts duplicate Host headers 01 Apr
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-63hf-3vf5-4wqf
  • PyPI/aiohttp
AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass 01 Apr
  • Fix available
  • Severity - 2.7 (Low)
GHSA-mwh4-6h8g-pg8w
  • PyPI/aiohttp
AIOHTTP has HTTP response splitting via \r in reason phrase 01 Apr
  • Fix available
  • Severity - 2.7 (Low)
GHSA-966j-vmvw-g2g9
  • PyPI/aiohttp
AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect 01 Apr
  • Fix available
  • Severity - 2.7 (Low)