aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 (and later ==3.11.8) in requirements.txt but setup.py carried a hard-coded duplicate requirements = [...] list that was never updated and still pinned orjson==3.11.4.
When setuptools builds the source distribution it reads the metadata from setup.py, not from requirements.txt. So pip install aiograpi==0.6.6 (or 0.7.0 / 0.7.1) actually pulls orjson==3.11.4 — a version vulnerable to CVE-2025-67221 (stack overflow in orjson.dumps on deeply nested JSON inputs).
Impact is low in the typical aiograpi flow: orjson is used to encode request bodies aiograpi itself constructs and to decode responses returned by Instagram. An attacker would need to coerce aiograpi to encode an attacker-controlled deeply-nested Python structure or to decode an attacker-supplied stream — not the normal call shape.
However any caller doing client.public_request(...) or similar with caller-controlled payloads, or any caller passing aiograpi-decoded last_json into recursive serialization, may hit the unbounded recursion. The patched orjson rejects deeply-nested inputs cleanly.
Fixed in aiograpi 0.7.2 by migrating to pyproject.toml (PEP 621) — single source of truth for dependencies. PyPI installs of 0.7.2 and later resolve orjson==3.11.8 correctly.
Force-install a non-vulnerable orjson alongside the affected aiograpi version:
pip install 'aiograpi==0.7.1' 'orjson>=3.11.6'
Or just upgrade to a fixed aiograpi:
pip install -U 'aiograpi>=0.7.2'
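The root cause above is a dependency list duplicated in two places that drifted apart, and the remediation is only complete once the installed orjson is actually at or above the version the workaround pins. The following script is an added example, not code from the aiograpi project: it parses a requirements.txt and the module-level requirements = [...] list in a setup.py (via the AST, so setup.py is never executed), reports any package whose pin differs between the two, and checks the installed orjson against the 3.11.6 floor from the workaround command. The two file contents are constructed samples that mirror the drift described in the advisory, not the real aiograpi files.

```python
import ast
import re
from importlib import metadata

# Constructed sample inputs that mirror the drift described in the advisory.
# These are not the real aiograpi files.
REQUIREMENTS_TXT = """\
# runtime dependencies
aiohttp>=3.9
orjson==3.11.8
pydantic>=2
"""

SETUP_PY = """\
from setuptools import setup

# hard-coded duplicate of requirements.txt that was never updated
requirements = [
    "aiohttp>=3.9",
    "orjson==3.11.4",
    "pydantic>=2",
]

setup(name="aiograpi", install_requires=requirements)
"""

# Minimum orjson version the advisory's workaround installs ('orjson>=3.11.6').
MIN_SAFE_ORJSON = "3.11.6"

_SPEC_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9_.\-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")


def parse_requirement(line):
    """Return (name, spec) for one requirement line, or None for blanks and comments.
    spec is operator plus version, e.g. '==3.11.4'; '' when the package is unpinned."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = _SPEC_RE.match(stripped)
    if not m:
        return None
    name, op, ver = m.groups()
    return name.lower(), (op or "") + ver


def parse_requirements_txt(text):
    """Map package name -> spec for every requirement line in a requirements.txt."""
    result = {}
    for line in text.splitlines():
        parsed = parse_requirement(line)
        if parsed:
            result[parsed[0]] = parsed[1]
    return result


def parse_setup_py_requirements(text, var_name="requirements"):
    """Map package name -> spec from a module-level `requirements = [...]` list in
    setup.py. The file is parsed with ast, never imported or executed."""
    tree = ast.parse(text)
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            continue
        if any(isinstance(t, ast.Name) and t.id == var_name for t in node.targets):
            entries = ast.literal_eval(node.value)  # list of string literals only
            return parse_requirements_txt("\n".join(entries))
    return {}


def find_pin_drift(requirements_txt, setup_py):
    """Return {name: (requirements_txt_spec, setup_py_spec)} for every package whose
    spec differs between the two lists, including packages present in only one."""
    txt = parse_requirements_txt(requirements_txt)
    spy = parse_setup_py_requirements(setup_py)
    drift = {}
    for name in sorted(set(txt) | set(spy)):
        a, b = txt.get(name), spy.get(name)
        if a != b:
            drift[name] = (a, b)
    return drift


def version_tuple(version):
    """'3.11.4' -> (3, 11, 4); numeric dotted components only (enough for orjson)."""
    return tuple(int(p) for p in version.split("."))


def orjson_version_is_safe(version):
    """True when the given orjson version is at least MIN_SAFE_ORJSON."""
    return version_tuple(version) >= version_tuple(MIN_SAFE_ORJSON)


def check_installed_orjson():
    """Return (installed_version, is_safe), or None if orjson is not installed."""
    try:
        installed = metadata.version("orjson")
    except metadata.PackageNotFoundError:
        return None
    return installed, orjson_version_is_safe(installed)


if __name__ == "__main__":
    for name, (txt_spec, setup_spec) in find_pin_drift(REQUIREMENTS_TXT, SETUP_PY).items():
        print(f"drift: {name}: requirements.txt={txt_spec!r} setup.py={setup_spec!r}")
    print("installed orjson:", check_installed_orjson())
```

On the constructed inputs the drift report names only orjson ('==3.11.8' in requirements.txt versus '==3.11.4' in setup.py), which is exactly the mismatch that let pip install the vulnerable version. Running check_installed_orjson() after either remediation command confirms the environment actually ended up at 3.11.6 or later rather than trusting the resolver's output.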
{
  "github_reviewed_at": "2026-05-06T22:06:11Z",
  "nvd_published_at": null,
  "cwe_ids": [
    "CWE-770"
  ],
  "severity": "LOW",
  "github_reviewed": true
}