Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/aiohttp@3.10.11
Type pypi
Namespace
Name aiohttp
Version 3.10.11
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.13.4
Latest_non_vulnerable_version 4.0.0a0
Affected_by_vulnerabilities
0
url VCID-3v2v-g9dz-q7hu
vulnerability_id VCID-3v2v-g9dz-q7hu
summary aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34518
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02824
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34518
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34518
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34518
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454098
reference_id 2454098
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454098
11
reference_url https://github.com/advisories/GHSA-966j-vmvw-g2g9
reference_id GHSA-966j-vmvw-g2g9
reference_type
scores
url https://github.com/advisories/GHSA-966j-vmvw-g2g9
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34518, GHSA-966j-vmvw-g2g9
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3v2v-g9dz-q7hu
1
url VCID-7b59-eb63-tfcf
vulnerability_id VCID-7b59-eb63-tfcf
summary aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34520
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.2336
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34520
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34520
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34520
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454094
reference_id 2454094
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454094
11
reference_url https://github.com/advisories/GHSA-63hf-3vf5-4wqf
reference_id GHSA-63hf-3vf5-4wqf
reference_type
scores
url https://github.com/advisories/GHSA-63hf-3vf5-4wqf
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34520, GHSA-63hf-3vf5-4wqf
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7b59-eb63-tfcf
2
url VCID-8mb3-gafx-8qaz
vulnerability_id VCID-8mb3-gafx-8qaz
summary aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34514
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03097
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34514
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34514
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34514
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454102
reference_id 2454102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454102
11
reference_url https://github.com/advisories/GHSA-2vrm-gr82-f7m5
reference_id GHSA-2vrm-gr82-f7m5
reference_type
scores
url https://github.com/advisories/GHSA-2vrm-gr82-f7m5
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34514, GHSA-2vrm-gr82-f7m5
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mb3-gafx-8qaz
3
url VCID-8y5k-1ax1-ykhs
vulnerability_id VCID-8y5k-1ax1-ykhs
summary
AIOHTTP vulnerable to DoS when bypassing asserts
When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69227
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07449
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/
url https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427256
reference_id 2427256
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427256
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69227
reference_id CVE-2025-69227
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69227
8
reference_url https://github.com/advisories/GHSA-jj3x-wxrx-4x23
reference_id GHSA-jj3x-wxrx-4x23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jj3x-wxrx-4x23
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
reference_id GHSA-jj3x-wxrx-4x23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:13545
reference_id RHSA-2026:13545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13545
12
reference_url https://access.redhat.com/errata/RHSA-2026:13553
reference_id RHSA-2026:13553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13553
13
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
14
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
15
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
16
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
17
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-c1e6-tue3-8yce
4
vulnerability VCID-cvvb-x9jm-ubb8
5
vulnerability VCID-k3f4-wafv-3qgu
6
vulnerability VCID-k3nq-f446-bkas
7
vulnerability VCID-m7wa-qdpv-wuhj
8
vulnerability VCID-myz5-wsnu-u7a5
9
vulnerability VCID-w4mr-q1jr-1qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3
aliases CVE-2025-69227, GHSA-jj3x-wxrx-4x23
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8y5k-1ax1-ykhs
4
url VCID-c1e6-tue3-8yce
vulnerability_id VCID-c1e6-tue3-8yce
summary aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22815
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05599
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22815
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22815
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454093
reference_id 2454093
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454093
11
reference_url https://github.com/advisories/GHSA-w2fm-2cpv-w7v5
reference_id GHSA-w2fm-2cpv-w7v5
reference_type
scores
url https://github.com/advisories/GHSA-w2fm-2cpv-w7v5
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-22815, GHSA-w2fm-2cpv-w7v5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1e6-tue3-8yce
5
url VCID-cvvb-x9jm-ubb8
vulnerability_id VCID-cvvb-x9jm-ubb8
summary aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34515.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34515.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34515
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06042
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34515
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:38:30Z/
url https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d
5
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:38:30Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:38:30Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34515
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34515
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454113
reference_id 2454113
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454113
9
reference_url https://github.com/advisories/GHSA-p998-jp59-783m
reference_id GHSA-p998-jp59-783m
reference_type
scores
url https://github.com/advisories/GHSA-p998-jp59-783m
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34515, GHSA-p998-jp59-783m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvvb-x9jm-ubb8
6
url VCID-emmx-uxw4-bucv
vulnerability_id VCID-emmx-uxw4-bucv
summary
AIOHTTP Vulnerable to Cookie Parser Warning Storm
Reading multiple invalid cookies can lead to a logging storm.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69230
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01329
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69230
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/
url https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427255
reference_id 2427255
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427255
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69230
reference_id CVE-2025-69230
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69230
7
reference_url https://github.com/advisories/GHSA-fh55-r93g-j68g
reference_id GHSA-fh55-r93g-j68g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh55-r93g-j68g
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
reference_id GHSA-fh55-r93g-j68g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
fixed_packages
0
url pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-c1e6-tue3-8yce
4
vulnerability VCID-cvvb-x9jm-ubb8
5
vulnerability VCID-k3f4-wafv-3qgu
6
vulnerability VCID-k3nq-f446-bkas
7
vulnerability VCID-m7wa-qdpv-wuhj
8
vulnerability VCID-myz5-wsnu-u7a5
9
vulnerability VCID-w4mr-q1jr-1qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3
aliases CVE-2025-69230, GHSA-fh55-r93g-j68g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emmx-uxw4-bucv
7
url VCID-hwxf-hppk-r7c8
vulnerability_id VCID-hwxf-hppk-r7c8
summary
AIOHTTP vulnerable to denial of service through large payloads
A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69228
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.21369
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69228
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/
url https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427254
reference_id 2427254
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427254
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69228
reference_id CVE-2025-69228
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69228
8
reference_url https://github.com/advisories/GHSA-6jhg-hg63-jvvf
reference_id GHSA-6jhg-hg63-jvvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6jhg-hg63-jvvf
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
reference_id GHSA-6jhg-hg63-jvvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:13545
reference_id RHSA-2026:13545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13545
12
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
13
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
14
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
15
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
16
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-c1e6-tue3-8yce
4
vulnerability VCID-cvvb-x9jm-ubb8
5
vulnerability VCID-k3f4-wafv-3qgu
6
vulnerability VCID-k3nq-f446-bkas
7
vulnerability VCID-m7wa-qdpv-wuhj
8
vulnerability VCID-myz5-wsnu-u7a5
9
vulnerability VCID-w4mr-q1jr-1qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3
aliases CVE-2025-69228, GHSA-6jhg-hg63-jvvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwxf-hppk-r7c8
8
url VCID-k3f4-wafv-3qgu
vulnerability_id VCID-k3f4-wafv-3qgu
summary aiohttp: AIOHTTP: Denial of Service via large multipart form fields
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34517
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05391
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34517
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34517
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34517
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454095
reference_id 2454095
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454095
11
reference_url https://github.com/advisories/GHSA-3wq7-rqq7-wx6j
reference_id GHSA-3wq7-rqq7-wx6j
reference_type
scores
url https://github.com/advisories/GHSA-3wq7-rqq7-wx6j
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34517, GHSA-3wq7-rqq7-wx6j
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3f4-wafv-3qgu
9
url VCID-k3nq-f446-bkas
vulnerability_id VCID-k3nq-f446-bkas
summary aiohttp: aiohttp: Security bypass via multiple Host headers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34525
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.36974
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34525
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
6
reference_url https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
7
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34525
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34525
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454096
reference_id 2454096
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454096
12
reference_url https://github.com/advisories/GHSA-c427-h43c-vf67
reference_id GHSA-c427-h43c-vf67
reference_type
scores
url https://github.com/advisories/GHSA-c427-h43c-vf67
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34525, GHSA-c427-h43c-vf67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3nq-f446-bkas
10
url VCID-m6u7-xssj-fffs
vulnerability_id VCID-m6u7-xssj-fffs
summary
AIOHTTP's unicode processing of header values could cause parsing discrepancies
The Python HTTP parser may allow a request smuggling attack when non-ASCII characters are present.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69224
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14962
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69224
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/
url https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427246
reference_id 2427246
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427246
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69224
reference_id CVE-2025-69224
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69224
8
reference_url https://github.com/advisories/GHSA-69f9-5gxw-wvc2
reference_id GHSA-69f9-5gxw-wvc2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-69f9-5gxw-wvc2
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
reference_id GHSA-69f9-5gxw-wvc2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-c1e6-tue3-8yce
4
vulnerability VCID-cvvb-x9jm-ubb8
5
vulnerability VCID-k3f4-wafv-3qgu
6
vulnerability VCID-k3nq-f446-bkas
7
vulnerability VCID-m7wa-qdpv-wuhj
8
vulnerability VCID-myz5-wsnu-u7a5
9
vulnerability VCID-w4mr-q1jr-1qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3
aliases CVE-2025-69224, GHSA-69f9-5gxw-wvc2
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6u7-xssj-fffs
11
url VCID-m7wa-qdpv-wuhj
vulnerability_id VCID-m7wa-qdpv-wuhj
summary aiohttp: AIOHTTP: Denial of Service via excessive multipart headers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34516
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05599
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34516
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34516
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454112
reference_id 2454112
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454112
11
reference_url https://github.com/advisories/GHSA-m5qp-6w8w-w647
reference_id GHSA-m5qp-6w8w-w647
reference_type
scores
url https://github.com/advisories/GHSA-m5qp-6w8w-w647
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34516, GHSA-m5qp-6w8w-w647
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7wa-qdpv-wuhj
12
url VCID-msav-gwbq-bufr
vulnerability_id VCID-msav-gwbq-bufr
summary
AIOHTTP vulnerable to brute-force leak of internal static file path components
Path normalization for static files prevents path traversal, but it lets an attacker determine whether absolute path components exist.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69226
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21558
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69226
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/
url https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427245
reference_id 2427245
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427245
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69226
reference_id CVE-2025-69226
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69226
8
reference_url https://github.com/advisories/GHSA-54jq-c3m8-4m76
reference_id GHSA-54jq-c3m8-4m76
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54jq-c3m8-4m76
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
reference_id GHSA-54jq-c3m8-4m76
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-c1e6-tue3-8yce
4
vulnerability VCID-cvvb-x9jm-ubb8
5
vulnerability VCID-k3f4-wafv-3qgu
6
vulnerability VCID-k3nq-f446-bkas
7
vulnerability VCID-m7wa-qdpv-wuhj
8
vulnerability VCID-myz5-wsnu-u7a5
9
vulnerability VCID-w4mr-q1jr-1qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3
aliases CVE-2025-69226, GHSA-54jq-c3m8-4m76
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msav-gwbq-bufr
13
url VCID-myz5-wsnu-u7a5
vulnerability_id VCID-myz5-wsnu-u7a5
summary aiohttp: aiohttp: Header injection vulnerability via reason parameter
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34519
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.17029
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34519
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34519
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34519
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454100
reference_id 2454100
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454100
11
reference_url https://github.com/advisories/GHSA-mwh4-6h8g-pg8w
reference_id GHSA-mwh4-6h8g-pg8w
reference_type
scores
url https://github.com/advisories/GHSA-mwh4-6h8g-pg8w
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34519, GHSA-mwh4-6h8g-pg8w
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myz5-wsnu-u7a5
14
url VCID-p12d-qx3n-cuav
vulnerability_id VCID-p12d-qx3n-cuav
summary
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
A zip bomb can be used to execute a DoS against the aiohttp server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69223
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17599
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69223
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/
url https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427456
reference_id 2427456
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427456
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69223
reference_id CVE-2025-69223
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69223
8
reference_url https://github.com/advisories/GHSA-6mq8-rvhq-8wgg
reference_id GHSA-6mq8-rvhq-8wgg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mq8-rvhq-8wgg
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
reference_id GHSA-6mq8-rvhq-8wgg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
12
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
13
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
14
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
15
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
16
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
17
reference_url https://access.redhat.com/errata/RHSA-2026:19712
reference_id RHSA-2026:19712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19712
18
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
19
reference_url https://access.redhat.com/errata/RHSA-2026:2695
reference_id RHSA-2026:2695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2695
20
reference_url https://access.redhat.com/errata/RHSA-2026:3461
reference_id RHSA-2026:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3461
21
reference_url https://access.redhat.com/errata/RHSA-2026:3462
reference_id RHSA-2026:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3462
22
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
23
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
24
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
25
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
26
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
27
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
28
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
29
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
30
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-c1e6-tue3-8yce
4
vulnerability VCID-cvvb-x9jm-ubb8
5
vulnerability VCID-k3f4-wafv-3qgu
6
vulnerability VCID-k3nq-f446-bkas
7
vulnerability VCID-m7wa-qdpv-wuhj
8
vulnerability VCID-myz5-wsnu-u7a5
9
vulnerability VCID-w4mr-q1jr-1qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3
aliases CVE-2025-69223, GHSA-6mq8-rvhq-8wgg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p12d-qx3n-cuav
15
url VCID-qh9b-wf9z-13d2
vulnerability_id VCID-qh9b-wf9z-13d2
summary
AIOHTTP has Unicode match groups in regexes for ASCII protocol elements
The parser allows non-ASCII decimal digits to be present in the Range header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69225
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12707
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69225
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/
url https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427253
reference_id 2427253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427253
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69225
reference_id CVE-2025-69225
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69225
8
reference_url https://github.com/advisories/GHSA-mqqc-3gqh-h2x8
reference_id GHSA-mqqc-3gqh-h2x8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqqc-3gqh-h2x8
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
reference_id GHSA-mqqc-3gqh-h2x8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-c1e6-tue3-8yce
4
vulnerability VCID-cvvb-x9jm-ubb8
5
vulnerability VCID-k3f4-wafv-3qgu
6
vulnerability VCID-k3nq-f446-bkas
7
vulnerability VCID-m7wa-qdpv-wuhj
8
vulnerability VCID-myz5-wsnu-u7a5
9
vulnerability VCID-w4mr-q1jr-1qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3
aliases CVE-2025-69225, GHSA-mqqc-3gqh-h2x8
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qh9b-wf9z-13d2
16
url VCID-w4mr-q1jr-1qfp
vulnerability_id VCID-w4mr-q1jr-1qfp
summary aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34513
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05599
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34513
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34513
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34513
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454107
reference_id 2454107
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454107
11
reference_url https://github.com/advisories/GHSA-hcc4-c3v8-rx92
reference_id GHSA-hcc4-c3v8-rx92
reference_type
scores
url https://github.com/advisories/GHSA-hcc4-c3v8-rx92
fixed_packages
0
url pkg:pypi/aiohttp@3.13.4
purl pkg:pypi/aiohttp@3.13.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4
aliases CVE-2026-34513, GHSA-hcc4-c3v8-rx92
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4mr-q1jr-1qfp
17
url VCID-xgmx-6qmw-7ugn
vulnerability_id VCID-xgmx-6qmw-7ugn
summary
AIOHTTP vulnerable to DoS through chunked messages
Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69229
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13073
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69229
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
6
reference_url https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427257
reference_id 2427257
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427257
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69229
reference_id CVE-2025-69229
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69229
9
reference_url https://github.com/advisories/GHSA-g84x-mcqj-x9qq
reference_id GHSA-g84x-mcqj-x9qq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g84x-mcqj-x9qq
10
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
reference_id GHSA-g84x-mcqj-x9qq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
11
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-c1e6-tue3-8yce
4
vulnerability VCID-cvvb-x9jm-ubb8
5
vulnerability VCID-k3f4-wafv-3qgu
6
vulnerability VCID-k3nq-f446-bkas
7
vulnerability VCID-m7wa-qdpv-wuhj
8
vulnerability VCID-myz5-wsnu-u7a5
9
vulnerability VCID-w4mr-q1jr-1qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3
aliases CVE-2025-69229, GHSA-g84x-mcqj-x9qq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgmx-6qmw-7ugn
18
url VCID-yr3u-3vzh-1yhq
vulnerability_id VCID-yr3u-3vzh-1yhq
summary
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
The Python parser is vulnerable to request smuggling because it does not parse the trailer sections of an HTTP request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53643
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62568
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53643
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/
url https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336
reference_id 1109336
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2380000
reference_id 2380000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2380000
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53643
reference_id CVE-2025-53643
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53643
9
reference_url https://github.com/advisories/GHSA-9548-qrrj-x5pj
reference_id GHSA-9548-qrrj-x5pj
reference_type
scores
url https://github.com/advisories/GHSA-9548-qrrj-x5pj
10
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
reference_id GHSA-9548-qrrj-x5pj
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
11
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
12
reference_url https://access.redhat.com/errata/RHSA-2025:22939
reference_id RHSA-2025:22939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22939
13
reference_url https://access.redhat.com/errata/RHSA-2025:22944
reference_id RHSA-2025:22944
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22944
14
reference_url https://access.redhat.com/errata/RHSA-2025:23531
reference_id RHSA-2025:23531
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23531
15
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
16
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
17
reference_url https://access.redhat.com/errata/RHSA-2026:2760
reference_id RHSA-2026:2760
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2760
18
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
fixed_packages
0
url pkg:pypi/aiohttp@3.12.14
purl pkg:pypi/aiohttp@3.12.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-8y5k-1ax1-ykhs
4
vulnerability VCID-c1e6-tue3-8yce
5
vulnerability VCID-cvvb-x9jm-ubb8
6
vulnerability VCID-emmx-uxw4-bucv
7
vulnerability VCID-hwxf-hppk-r7c8
8
vulnerability VCID-k3f4-wafv-3qgu
9
vulnerability VCID-k3nq-f446-bkas
10
vulnerability VCID-m6u7-xssj-fffs
11
vulnerability VCID-m7wa-qdpv-wuhj
12
vulnerability VCID-msav-gwbq-bufr
13
vulnerability VCID-myz5-wsnu-u7a5
14
vulnerability VCID-p12d-qx3n-cuav
15
vulnerability VCID-qh9b-wf9z-13d2
16
vulnerability VCID-w4mr-q1jr-1qfp
17
vulnerability VCID-xgmx-6qmw-7ugn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.12.14
aliases CVE-2025-53643, GHSA-9548-qrrj-x5pj
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yr3u-3vzh-1yhq
Fixing_vulnerabilities
0
url VCID-fxy2-3923-a7gf
vulnerability_id VCID-fxy2-3923-a7gf
summary
aiohttp has a memory leak when middleware is enabled and a resource is requested with a non-allowed method
A memory leak can occur when a request produces a `MatchInfoError`. Building each `MatchInfoError` produced a unique cache entry, so an entry was added to a cache on every such request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52303.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52303
reference_id
reference_type
scores
0
value 0.00421
scoring_system epss
scoring_elements 0.62338
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52303
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:39:25Z/
url https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088108
reference_id 1088108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088108
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2327123
reference_id 2327123
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2327123
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52303
reference_id CVE-2024-52303
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52303
8
reference_url https://github.com/advisories/GHSA-27mf-ghqm-j3j8
reference_id GHSA-27mf-ghqm-j3j8
reference_type
scores
url https://github.com/advisories/GHSA-27mf-ghqm-j3j8
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-27mf-ghqm-j3j8
reference_id GHSA-27mf-ghqm-j3j8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:39:25Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-27mf-ghqm-j3j8
fixed_packages
0
url pkg:pypi/aiohttp@3.10.11
purl pkg:pypi/aiohttp@3.10.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-8y5k-1ax1-ykhs
4
vulnerability VCID-c1e6-tue3-8yce
5
vulnerability VCID-cvvb-x9jm-ubb8
6
vulnerability VCID-emmx-uxw4-bucv
7
vulnerability VCID-hwxf-hppk-r7c8
8
vulnerability VCID-k3f4-wafv-3qgu
9
vulnerability VCID-k3nq-f446-bkas
10
vulnerability VCID-m6u7-xssj-fffs
11
vulnerability VCID-m7wa-qdpv-wuhj
12
vulnerability VCID-msav-gwbq-bufr
13
vulnerability VCID-myz5-wsnu-u7a5
14
vulnerability VCID-p12d-qx3n-cuav
15
vulnerability VCID-qh9b-wf9z-13d2
16
vulnerability VCID-w4mr-q1jr-1qfp
17
vulnerability VCID-xgmx-6qmw-7ugn
18
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.11
aliases CVE-2024-52303, GHSA-27mf-ghqm-j3j8
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxy2-3923-a7gf
1
url VCID-qyz8-8vv1-6kgc
vulnerability_id VCID-qyz8-8vv1-6kgc
summary
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52304
reference_id
reference_type
scores
0
value 0.0042
scoring_system epss
scoring_elements 0.62299
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/
url https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
6
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109
reference_id 1088109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2327130
reference_id 2327130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2327130
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52304
reference_id CVE-2024-52304
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52304
10
reference_url https://github.com/advisories/GHSA-8495-4g3g-x7pr
reference_id GHSA-8495-4g3g-x7pr
reference_type
scores
url https://github.com/advisories/GHSA-8495-4g3g-x7pr
11
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
reference_id GHSA-8495-4g3g-x7pr
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
12
reference_url https://access.redhat.com/errata/RHSA-2024:10766
reference_id RHSA-2024:10766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10766
13
reference_url https://access.redhat.com/errata/RHSA-2024:11574
reference_id RHSA-2024:11574
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11574
14
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
15
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
16
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
17
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
18
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
19
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:pypi/aiohttp@3.10.11
purl pkg:pypi/aiohttp@3.10.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-7b59-eb63-tfcf
2
vulnerability VCID-8mb3-gafx-8qaz
3
vulnerability VCID-8y5k-1ax1-ykhs
4
vulnerability VCID-c1e6-tue3-8yce
5
vulnerability VCID-cvvb-x9jm-ubb8
6
vulnerability VCID-emmx-uxw4-bucv
7
vulnerability VCID-hwxf-hppk-r7c8
8
vulnerability VCID-k3f4-wafv-3qgu
9
vulnerability VCID-k3nq-f446-bkas
10
vulnerability VCID-m6u7-xssj-fffs
11
vulnerability VCID-m7wa-qdpv-wuhj
12
vulnerability VCID-msav-gwbq-bufr
13
vulnerability VCID-myz5-wsnu-u7a5
14
vulnerability VCID-p12d-qx3n-cuav
15
vulnerability VCID-qh9b-wf9z-13d2
16
vulnerability VCID-w4mr-q1jr-1qfp
17
vulnerability VCID-xgmx-6qmw-7ugn
18
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.11
aliases CVE-2024-52304, GHSA-8495-4g3g-x7pr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyz8-8vv1-6kgc
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.11