Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
Typedeb
Namespacedebian
Namepython-aiohttp
Version3.8.4-1+deb12u1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.13.5-1
Latest_non_vulnerable_version3.13.5-1
Affected_by_vulnerabilities
0
url VCID-19q4-vzzb-8uca
vulnerability_id VCID-19q4-vzzb-8uca
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34519
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11693
published_at 2026-04-18T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.1165
published_at 2026-04-29T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11778
published_at 2026-04-24T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.1181
published_at 2026-04-21T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11732
published_at 2026-04-26T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.13732
published_at 2026-04-02T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.13791
published_at 2026-04-04T12:55:00Z
7
value 0.00059
scoring_system epss
scoring_elements 0.18287
published_at 2026-04-07T12:55:00Z
8
value 0.00059
scoring_system epss
scoring_elements 0.18268
published_at 2026-04-16T12:55:00Z
9
value 0.00059
scoring_system epss
scoring_elements 0.18323
published_at 2026-04-13T12:55:00Z
10
value 0.00059
scoring_system epss
scoring_elements 0.18375
published_at 2026-04-12T12:55:00Z
11
value 0.00059
scoring_system epss
scoring_elements 0.18422
published_at 2026-04-11T12:55:00Z
12
value 0.00059
scoring_system epss
scoring_elements 0.18423
published_at 2026-04-09T12:55:00Z
13
value 0.00059
scoring_system epss
scoring_elements 0.1837
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34519
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34519
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34519
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454100
reference_id 2454100
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454100
11
reference_url https://github.com/advisories/GHSA-mwh4-6h8g-pg8w
reference_id GHSA-mwh4-6h8g-pg8w
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwh4-6h8g-pg8w
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34519, GHSA-mwh4-6h8g-pg8w
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19q4-vzzb-8uca
1
url VCID-5f1f-mrwv-zucz
vulnerability_id VCID-5f1f-mrwv-zucz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34513
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.12245
published_at 2026-04-04T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16263
published_at 2026-04-24T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16369
published_at 2026-04-21T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16335
published_at 2026-04-18T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.16315
published_at 2026-04-16T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16386
published_at 2026-04-13T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16441
published_at 2026-04-08T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16218
published_at 2026-04-29T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16259
published_at 2026-04-26T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16485
published_at 2026-04-11T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16355
published_at 2026-04-07T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.165
published_at 2026-04-09T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16446
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34513
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34513
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34513
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454107
reference_id 2454107
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454107
11
reference_url https://github.com/advisories/GHSA-hcc4-c3v8-rx92
reference_id GHSA-hcc4-c3v8-rx92
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcc4-c3v8-rx92
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34513, GHSA-hcc4-c3v8-rx92
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5f1f-mrwv-zucz
2
url VCID-cg9h-fysf-xygf
vulnerability_id VCID-cg9h-fysf-xygf
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34516
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11462
published_at 2026-04-04T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.1533
published_at 2026-04-07T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15325
published_at 2026-04-13T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15391
published_at 2026-04-12T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.1543
published_at 2026-04-11T12:55:00Z
6
value 0.0005
scoring_system epss
scoring_elements 0.15468
published_at 2026-04-09T12:55:00Z
7
value 0.0005
scoring_system epss
scoring_elements 0.15418
published_at 2026-04-08T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16335
published_at 2026-04-18T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16259
published_at 2026-04-26T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16263
published_at 2026-04-24T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16369
published_at 2026-04-21T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16315
published_at 2026-04-16T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16218
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34516
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34516
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454112
reference_id 2454112
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454112
11
reference_url https://github.com/advisories/GHSA-m5qp-6w8w-w647
reference_id GHSA-m5qp-6w8w-w647
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m5qp-6w8w-w647
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34516, GHSA-m5qp-6w8w-w647
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg9h-fysf-xygf
3
url VCID-d3pa-kwgz-vuag
vulnerability_id VCID-d3pa-kwgz-vuag
summary 
AIOHTTP vulnerable to  denial of service through large payloads
### Summary
A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.

### Impact
If an application includes a handler that uses the `Request.post()` method, an attacker may be able to freeze the server by exhausting the memory.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69228
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69228
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/
url https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69228
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69228
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427254
reference_id 2427254
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427254
9
reference_url https://github.com/advisories/GHSA-6jhg-hg63-jvvf
reference_id GHSA-6jhg-hg63-jvvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6jhg-hg63-jvvf
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
12
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
13
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
14
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
15
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69228, GHSA-6jhg-hg63-jvvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3pa-kwgz-vuag
4
url VCID-drqp-x9gc-2qd3
vulnerability_id VCID-drqp-x9gc-2qd3
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34518
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11175
published_at 2026-04-29T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11236
published_at 2026-04-26T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11208
published_at 2026-04-18T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11277
published_at 2026-04-24T12:55:00Z
4
value 0.00038
scoring_system epss
scoring_elements 0.11337
published_at 2026-04-21T12:55:00Z
5
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
6
value 0.0004
scoring_system epss
scoring_elements 0.12245
published_at 2026-04-04T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16355
published_at 2026-04-07T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16325
published_at 2026-04-16T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16386
published_at 2026-04-13T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16446
published_at 2026-04-12T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16485
published_at 2026-04-11T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.165
published_at 2026-04-09T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16441
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34518
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34518
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34518
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454098
reference_id 2454098
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454098
11
reference_url https://github.com/advisories/GHSA-966j-vmvw-g2g9
reference_id GHSA-966j-vmvw-g2g9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-966j-vmvw-g2g9
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34518, GHSA-966j-vmvw-g2g9
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drqp-x9gc-2qd3
5
url VCID-ekqy-23wg-5ugu
vulnerability_id VCID-ekqy-23wg-5ugu
summary 
In aiohttp, compressed files as symlinks are not protected from path traversal
### Summary
Static routes which contain files with compressed variants (`.gz` or `.br` extension) were vulnerable to path traversal outside the root directory if those variants are symbolic links.

### Details
The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default).  It does this by resolving the requested URL to an absolute path and then checking that path relative to the root.  However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing `Path.stat()` and `Path.open()` to send the file.

### Impact
Servers with static routes that contain compressed variants as symbolic links, pointing outside the root directory, or that permit users to upload or create such links, are impacted.

----

Patch: https://github.com/aio-libs/aiohttp/pull/8653/files
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42367.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42367.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42367
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57586
published_at 2026-04-29T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57607
published_at 2026-04-26T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.57587
published_at 2026-04-24T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.57629
published_at 2026-04-21T12:55:00Z
4
value 0.00352
scoring_system epss
scoring_elements 0.57655
published_at 2026-04-16T12:55:00Z
5
value 0.00352
scoring_system epss
scoring_elements 0.57625
published_at 2026-04-13T12:55:00Z
6
value 0.00352
scoring_system epss
scoring_elements 0.57645
published_at 2026-04-12T12:55:00Z
7
value 0.00352
scoring_system epss
scoring_elements 0.57665
published_at 2026-04-11T12:55:00Z
8
value 0.00352
scoring_system epss
scoring_elements 0.5765
published_at 2026-04-18T12:55:00Z
9
value 0.00352
scoring_system epss
scoring_elements 0.57593
published_at 2026-04-07T12:55:00Z
10
value 0.00352
scoring_system epss
scoring_elements 0.57618
published_at 2026-04-04T12:55:00Z
11
value 0.00352
scoring_system epss
scoring_elements 0.57646
published_at 2026-04-08T12:55:00Z
12
value 0.00352
scoring_system epss
scoring_elements 0.57597
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42367
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177
5
reference_url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674
6
reference_url https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f
7
reference_url https://github.com/aio-libs/aiohttp/pull/8653
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/pull/8653
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42367
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42367
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2304394
reference_id 2304394
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2304394
11
reference_url https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
reference_id GHSA-jwhx-xcg6-8xhj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2024-42367, GHSA-jwhx-xcg6-8xhj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ekqy-23wg-5ugu
6
url VCID-ft9z-nd6x-27dz
vulnerability_id VCID-ft9z-nd6x-27dz
summary 
AIOHTTP has unicode match groups in regexes for ASCII protocol elements
### Summary

The parser allows non-ASCII decimals to be present in the Range header.

### Impact

There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability.

----

Patch: https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69225
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13843
published_at 2026-04-29T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.1391
published_at 2026-04-26T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.13936
published_at 2026-04-24T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-13T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.14126
published_at 2026-04-04T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.13932
published_at 2026-04-07T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.14014
published_at 2026-04-08T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.14067
published_at 2026-04-09T12:55:00Z
8
value 0.00045
scoring_system epss
scoring_elements 0.14022
published_at 2026-04-11T12:55:00Z
9
value 0.00045
scoring_system epss
scoring_elements 0.13985
published_at 2026-04-12T12:55:00Z
10
value 0.00045
scoring_system epss
scoring_elements 0.13905
published_at 2026-04-21T12:55:00Z
11
value 0.00045
scoring_system epss
scoring_elements 0.14072
published_at 2026-04-02T12:55:00Z
12
value 0.00045
scoring_system epss
scoring_elements 0.13833
published_at 2026-04-18T12:55:00Z
13
value 0.00045
scoring_system epss
scoring_elements 0.13839
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69225
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/
url https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69225
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69225
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427253
reference_id 2427253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427253
9
reference_url https://github.com/advisories/GHSA-mqqc-3gqh-h2x8
reference_id GHSA-mqqc-3gqh-h2x8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqqc-3gqh-h2x8
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69225, GHSA-mqqc-3gqh-h2x8
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ft9z-nd6x-27dz
7
url VCID-g4rj-1kzy-pkft
vulnerability_id VCID-g4rj-1kzy-pkft
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34525
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24814
published_at 2026-04-02T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.24852
published_at 2026-04-04T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27783
published_at 2026-04-12T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27825
published_at 2026-04-11T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.2782
published_at 2026-04-09T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27777
published_at 2026-04-08T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27709
published_at 2026-04-07T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27734
published_at 2026-04-16T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.27726
published_at 2026-04-13T12:55:00Z
9
value 0.00119
scoring_system epss
scoring_elements 0.30498
published_at 2026-04-29T12:55:00Z
10
value 0.00119
scoring_system epss
scoring_elements 0.30894
published_at 2026-04-18T12:55:00Z
11
value 0.00119
scoring_system epss
scoring_elements 0.3086
published_at 2026-04-21T12:55:00Z
12
value 0.00119
scoring_system epss
scoring_elements 0.30698
published_at 2026-04-24T12:55:00Z
13
value 0.00119
scoring_system epss
scoring_elements 0.30582
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34525
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
6
reference_url https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
7
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34525
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34525
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454096
reference_id 2454096
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454096
12
reference_url https://github.com/advisories/GHSA-c427-h43c-vf67
reference_id GHSA-c427-h43c-vf67
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c427-h43c-vf67
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34525, GHSA-c427-h43c-vf67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4rj-1kzy-pkft
8
url VCID-hyh4-58xy-xfge
vulnerability_id VCID-hyh4-58xy-xfge
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34517
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12245
published_at 2026-04-04T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.15771
published_at 2026-04-29T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15744
published_at 2026-04-16T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15753
published_at 2026-04-18T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15796
published_at 2026-04-21T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15817
published_at 2026-04-24T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15814
published_at 2026-04-26T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16485
published_at 2026-04-11T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16446
published_at 2026-04-12T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16355
published_at 2026-04-07T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16441
published_at 2026-04-08T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.165
published_at 2026-04-09T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16386
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34517
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34517
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34517
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454095
reference_id 2454095
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454095
11
reference_url https://github.com/advisories/GHSA-3wq7-rqq7-wx6j
reference_id GHSA-3wq7-rqq7-wx6j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wq7-rqq7-wx6j
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34517, GHSA-3wq7-rqq7-wx6j
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyh4-58xy-xfge
9
url VCID-jxqg-x9dh-z3hb
vulnerability_id VCID-jxqg-x9dh-z3hb
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23829
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.64834
published_at 2026-04-24T12:55:00Z
1
value 0.00475
scoring_system epss
scoring_elements 0.64843
published_at 2026-04-29T12:55:00Z
2
value 0.00475
scoring_system epss
scoring_elements 0.64847
published_at 2026-04-26T12:55:00Z
3
value 0.00475
scoring_system epss
scoring_elements 0.64816
published_at 2026-04-21T12:55:00Z
4
value 0.00515
scoring_system epss
scoring_elements 0.6659
published_at 2026-04-02T12:55:00Z
5
value 0.00515
scoring_system epss
scoring_elements 0.66588
published_at 2026-04-07T12:55:00Z
6
value 0.00515
scoring_system epss
scoring_elements 0.66617
published_at 2026-04-04T12:55:00Z
7
value 0.00515
scoring_system epss
scoring_elements 0.66674
published_at 2026-04-18T12:55:00Z
8
value 0.00515
scoring_system epss
scoring_elements 0.6666
published_at 2026-04-16T12:55:00Z
9
value 0.00515
scoring_system epss
scoring_elements 0.66624
published_at 2026-04-13T12:55:00Z
10
value 0.00515
scoring_system epss
scoring_elements 0.66657
published_at 2026-04-12T12:55:00Z
11
value 0.00515
scoring_system epss
scoring_elements 0.66669
published_at 2026-04-11T12:55:00Z
12
value 0.00515
scoring_system epss
scoring_elements 0.6665
published_at 2026-04-09T12:55:00Z
13
value 0.00515
scoring_system epss
scoring_elements 0.66636
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23829
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
6
reference_url https://github.com/aio-libs/aiohttp/pull/3235
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/3235
7
reference_url https://github.com/aio-libs/aiohttp/pull/8074
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/pull/8074
8
reference_url https://github.com/aio-libs/aiohttp/pull/8074/files
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8074/files
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
10
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml
12
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23829
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23829
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
reference_id 1062708
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261909
reference_id 2261909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261909
19
reference_url https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
reference_id GHSA-8qpw-xqxj-h4r2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
reference_id ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
21
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
22
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2024-23829, GHSA-8qpw-xqxj-h4r2, PYSEC-2024-26
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxqg-x9dh-z3hb
10
url VCID-k122-7d38-2ug5
vulnerability_id VCID-k122-7d38-2ug5
summary 
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
### Summary
The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request.

### Impact
If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.

----

Patch: https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53643
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23245
published_at 2026-04-02T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23152
published_at 2026-04-08T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23289
published_at 2026-04-04T12:55:00Z
3
value 0.00078
scoring_system epss
scoring_elements 0.23078
published_at 2026-04-07T12:55:00Z
4
value 0.00086
scoring_system epss
scoring_elements 0.24852
published_at 2026-04-18T12:55:00Z
5
value 0.00086
scoring_system epss
scoring_elements 0.24858
published_at 2026-04-16T12:55:00Z
6
value 0.00086
scoring_system epss
scoring_elements 0.24847
published_at 2026-04-13T12:55:00Z
7
value 0.00086
scoring_system epss
scoring_elements 0.24901
published_at 2026-04-12T12:55:00Z
8
value 0.00086
scoring_system epss
scoring_elements 0.2494
published_at 2026-04-11T12:55:00Z
9
value 0.00086
scoring_system epss
scoring_elements 0.24925
published_at 2026-04-09T12:55:00Z
10
value 0.00086
scoring_system epss
scoring_elements 0.24716
published_at 2026-04-29T12:55:00Z
11
value 0.00086
scoring_system epss
scoring_elements 0.24762
published_at 2026-04-26T12:55:00Z
12
value 0.00086
scoring_system epss
scoring_elements 0.24773
published_at 2026-04-24T12:55:00Z
13
value 0.00086
scoring_system epss
scoring_elements 0.2483
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53643
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/
url https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53643
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53643
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336
reference_id 1109336
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2380000
reference_id 2380000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2380000
10
reference_url https://github.com/advisories/GHSA-9548-qrrj-x5pj
reference_id GHSA-9548-qrrj-x5pj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9548-qrrj-x5pj
11
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
12
reference_url https://access.redhat.com/errata/RHSA-2025:22939
reference_id RHSA-2025:22939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22939
13
reference_url https://access.redhat.com/errata/RHSA-2025:22944
reference_id RHSA-2025:22944
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22944
14
reference_url https://access.redhat.com/errata/RHSA-2025:23531
reference_id RHSA-2025:23531
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23531
15
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
16
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
17
reference_url https://access.redhat.com/errata/RHSA-2026:2760
reference_id RHSA-2026:2760
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2760
18
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-53643, GHSA-9548-qrrj-x5pj
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k122-7d38-2ug5
11
url VCID-kf4p-q9n9-ayhn
vulnerability_id VCID-kf4p-q9n9-ayhn
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22815
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11462
published_at 2026-04-04T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16263
published_at 2026-04-24T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16369
published_at 2026-04-21T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16335
published_at 2026-04-18T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.16315
published_at 2026-04-16T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16346
published_at 2026-04-07T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16218
published_at 2026-04-29T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16259
published_at 2026-04-26T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16475
published_at 2026-04-11T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16491
published_at 2026-04-09T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16432
published_at 2026-04-08T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16375
published_at 2026-04-13T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16436
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22815
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22815
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454093
reference_id 2454093
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454093
11
reference_url https://github.com/advisories/GHSA-w2fm-2cpv-w7v5
reference_id GHSA-w2fm-2cpv-w7v5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2fm-2cpv-w7v5
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-22815, GHSA-w2fm-2cpv-w7v5
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf4p-q9n9-ayhn
12
url VCID-peyu-fxyx-ayde
vulnerability_id VCID-peyu-fxyx-ayde
summary 
AIOHTTP vulnerable to DoS through chunked messages
### Summary

Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks.

### Impact

If an application makes use of the `request.read()` method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
Patch: https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69229
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16113
published_at 2026-04-29T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16152
published_at 2026-04-26T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16154
published_at 2026-04-24T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16261
published_at 2026-04-21T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16223
published_at 2026-04-18T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.16204
published_at 2026-04-16T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16268
published_at 2026-04-13T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16336
published_at 2026-04-12T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16243
published_at 2026-04-07T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16392
published_at 2026-04-09T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16328
published_at 2026-04-08T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16454
published_at 2026-04-04T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16375
published_at 2026-04-11T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16391
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69229
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
6
reference_url https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69229
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69229
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427257
reference_id 2427257
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427257
10
reference_url https://github.com/advisories/GHSA-g84x-mcqj-x9qq
reference_id GHSA-g84x-mcqj-x9qq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g84x-mcqj-x9qq
11
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69229, GHSA-g84x-mcqj-x9qq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-peyu-fxyx-ayde
13
url VCID-qrus-4szm-c3bj
vulnerability_id VCID-qrus-4szm-c3bj
summary 
AIOHTTP's unicode processing of header values could cause parsing discrepancies
### Summary
The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters.

### Impact
If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.

------

Patch: https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69224
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13124
published_at 2026-04-29T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13228
published_at 2026-04-26T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13256
published_at 2026-04-24T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13251
published_at 2026-04-21T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13164
published_at 2026-04-18T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13165
published_at 2026-04-16T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13259
published_at 2026-04-13T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13308
published_at 2026-04-12T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13243
published_at 2026-04-07T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13325
published_at 2026-04-08T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13447
published_at 2026-04-04T12:55:00Z
11
value 0.00043
scoring_system epss
scoring_elements 0.13383
published_at 2026-04-02T12:55:00Z
12
value 0.00043
scoring_system epss
scoring_elements 0.13346
published_at 2026-04-11T12:55:00Z
13
value 0.00043
scoring_system epss
scoring_elements 0.13376
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69224
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/
url https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69224
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69224
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427246
reference_id 2427246
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427246
9
reference_url https://github.com/advisories/GHSA-69f9-5gxw-wvc2
reference_id GHSA-69f9-5gxw-wvc2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-69f9-5gxw-wvc2
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69224, GHSA-69f9-5gxw-wvc2
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrus-4szm-c3bj
14
url VCID-qt9z-6kwe-wbht
vulnerability_id VCID-qt9z-6kwe-wbht
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34514
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.1165
published_at 2026-04-29T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11693
published_at 2026-04-18T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11694
published_at 2026-04-16T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11732
published_at 2026-04-26T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11778
published_at 2026-04-24T12:55:00Z
5
value 0.00039
scoring_system epss
scoring_elements 0.1181
published_at 2026-04-21T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.13732
published_at 2026-04-02T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.13791
published_at 2026-04-04T12:55:00Z
8
value 0.00059
scoring_system epss
scoring_elements 0.18323
published_at 2026-04-13T12:55:00Z
9
value 0.00059
scoring_system epss
scoring_elements 0.18287
published_at 2026-04-07T12:55:00Z
10
value 0.00059
scoring_system epss
scoring_elements 0.18375
published_at 2026-04-12T12:55:00Z
11
value 0.00059
scoring_system epss
scoring_elements 0.18423
published_at 2026-04-09T12:55:00Z
12
value 0.00059
scoring_system epss
scoring_elements 0.1837
published_at 2026-04-08T12:55:00Z
13
value 0.00059
scoring_system epss
scoring_elements 0.18422
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34514
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34514
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34514
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454102
reference_id 2454102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454102
11
reference_url https://github.com/advisories/GHSA-2vrm-gr82-f7m5
reference_id GHSA-2vrm-gr82-f7m5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vrm-gr82-f7m5
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34514, GHSA-2vrm-gr82-f7m5
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qt9z-6kwe-wbht
15
url VCID-sjws-ddnq-fke2
vulnerability_id VCID-sjws-ddnq-fke2
summary 
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
### Summary
A zip bomb can be used to execute a DoS against the aiohttp server.

### Impact
An attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory.

------

Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69223
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69223
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/
url https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69223
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69223
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427456
reference_id 2427456
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427456
9
reference_url https://github.com/advisories/GHSA-6mq8-rvhq-8wgg
reference_id GHSA-6mq8-rvhq-8wgg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mq8-rvhq-8wgg
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
12
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
13
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
14
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
15
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
16
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
17
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
18
reference_url https://access.redhat.com/errata/RHSA-2026:2695
reference_id RHSA-2026:2695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2695
19
reference_url https://access.redhat.com/errata/RHSA-2026:3461
reference_id RHSA-2026:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3461
20
reference_url https://access.redhat.com/errata/RHSA-2026:3462
reference_id RHSA-2026:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3462
21
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
22
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
23
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
24
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
25
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
26
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
27
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
28
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
29
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69223, GHSA-6mq8-rvhq-8wgg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjws-ddnq-fke2
16
url VCID-t9gx-etxx-vkgb
vulnerability_id VCID-t9gx-etxx-vkgb
summary 
AIOHTTP vulnerable to DoS when bypassing asserts
### Summary
When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body.

### Impact
If optimisations are enabled (`-O` or `PYTHONOPTIMIZE=1`), and the application includes a handler that uses the `Request.post()` method, then an attacker may be able to execute a DoS attack with a specially crafted message.

------

Patch: https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69227
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/
url https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69227
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69227
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427256
reference_id 2427256
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427256
9
reference_url https://github.com/advisories/GHSA-jj3x-wxrx-4x23
reference_id GHSA-jj3x-wxrx-4x23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jj3x-wxrx-4x23
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
12
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
13
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
14
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
15
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69227, GHSA-jj3x-wxrx-4x23
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9gx-etxx-vkgb
17
url VCID-tmjw-8cdt-7yf7
vulnerability_id VCID-tmjw-8cdt-7yf7
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34520
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13027
published_at 2026-04-04T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.13732
published_at 2026-04-02T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17325
published_at 2026-04-07T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17329
published_at 2026-04-16T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17387
published_at 2026-04-13T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.17441
published_at 2026-04-12T12:55:00Z
6
value 0.00055
scoring_system epss
scoring_elements 0.17488
published_at 2026-04-11T12:55:00Z
7
value 0.00055
scoring_system epss
scoring_elements 0.17476
published_at 2026-04-09T12:55:00Z
8
value 0.00055
scoring_system epss
scoring_elements 0.17416
published_at 2026-04-08T12:55:00Z
9
value 0.00057
scoring_system epss
scoring_elements 0.17799
published_at 2026-04-29T12:55:00Z
10
value 0.00057
scoring_system epss
scoring_elements 0.17948
published_at 2026-04-21T12:55:00Z
11
value 0.00057
scoring_system epss
scoring_elements 0.17912
published_at 2026-04-18T12:55:00Z
12
value 0.00057
scoring_system epss
scoring_elements 0.17836
published_at 2026-04-26T12:55:00Z
13
value 0.00057
scoring_system epss
scoring_elements 0.17858
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34520
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34520
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34520
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454094
reference_id 2454094
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454094
11
reference_url https://github.com/advisories/GHSA-63hf-3vf5-4wqf
reference_id GHSA-63hf-3vf5-4wqf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63hf-3vf5-4wqf
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34520, GHSA-63hf-3vf5-4wqf
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmjw-8cdt-7yf7
18
url VCID-tn28-662n-vug8
vulnerability_id VCID-tn28-662n-vug8
summary 
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
### Summary

A XSS vulnerability exists on index pages for static file handling.

### Details

When using `web.static(..., show_index=True)`, the resulting index pages do not escape file names.

If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks.

### Workaround

We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected.

Other users can disable `show_index` if unable to upgrade.

-----

Patch: https://github.com/aio-libs/aiohttp/pull/8319/files
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27306
reference_id
reference_type
scores
0
value 0.00593
scoring_system epss
scoring_elements 0.69288
published_at 2026-04-21T12:55:00Z
1
value 0.00593
scoring_system epss
scoring_elements 0.6934
published_at 2026-04-24T12:55:00Z
2
value 0.00709
scoring_system epss
scoring_elements 0.72284
published_at 2026-04-29T12:55:00Z
3
value 0.00709
scoring_system epss
scoring_elements 0.72288
published_at 2026-04-26T12:55:00Z
4
value 0.00749
scoring_system epss
scoring_elements 0.73066
published_at 2026-04-07T12:55:00Z
5
value 0.00749
scoring_system epss
scoring_elements 0.73167
published_at 2026-04-18T12:55:00Z
6
value 0.00749
scoring_system epss
scoring_elements 0.73158
published_at 2026-04-16T12:55:00Z
7
value 0.00749
scoring_system epss
scoring_elements 0.73117
published_at 2026-04-09T12:55:00Z
8
value 0.00749
scoring_system epss
scoring_elements 0.73103
published_at 2026-04-08T12:55:00Z
9
value 0.00749
scoring_system epss
scoring_elements 0.73092
published_at 2026-04-04T12:55:00Z
10
value 0.00749
scoring_system epss
scoring_elements 0.73072
published_at 2026-04-02T12:55:00Z
11
value 0.00749
scoring_system epss
scoring_elements 0.73115
published_at 2026-04-13T12:55:00Z
12
value 0.00749
scoring_system epss
scoring_elements 0.73121
published_at 2026-04-12T12:55:00Z
13
value 0.00749
scoring_system epss
scoring_elements 0.73141
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27306
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
6
reference_url https://github.com/aio-libs/aiohttp/pull/8319
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/pull/8319
7
reference_url https://github.com/aio-libs/aiohttp/pull/8319/files
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8319/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27306
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27306
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
reference_id 1070665
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2275989
reference_id 2275989
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2275989
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/
reference_id 2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/
17
reference_url https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
reference_id GHSA-7gpw-8wmc-pm8g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/
reference_id NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/
19
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
20
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
21
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
22
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/
reference_id ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2024-27306, GHSA-7gpw-8wmc-pm8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn28-662n-vug8
19
url VCID-ttq3-65ny-skdg
vulnerability_id VCID-ttq3-65ny-skdg
summary 
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
### Impact

aiohttp v3.8.4 and earlier are [bundled with llhttp v6.0.6](https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules) which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel.

This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`).

### Reproducer

```python
from aiohttp import web

async def example(request: web.Request):
    headers = dict(request.headers)
    body = await request.content.read()
    return web.Response(text=f"headers: {headers} body: {body}")

app = web.Application()
app.add_routes([web.post('/', example)])
web.run_app(app)
```

Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling.

```console
$ printf "POST / HTTP/1.1\r\nHost: localhost:8080\r\nX-Abc: \rxTransfer-Encoding: chunked\r\n\r\n1\r\nA\r\n0\r\n\r\n" \
  | nc localhost 8080

Expected output:
  headers: {'Host': 'localhost:8080', 'X-Abc': '\rxTransfer-Encoding: chunked'} body: b''

Actual output (note that 'Transfer-Encoding: chunked' is an HTTP header now and body is treated differently)
  headers: {'Host': 'localhost:8080', 'X-Abc': '', 'Transfer-Encoding': 'chunked'} body: b'A'
```

### Patches

Upgrade to the latest version of aiohttp to resolve this vulnerability. It has been fixed in v3.8.5: [`pip install aiohttp >= 3.8.5`](https://pypi.org/project/aiohttp/3.8.5/)

### Workarounds

If you aren't able to upgrade you can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable to request smuggling:

```console
$ python -m pip uninstall --yes aiohttp
$ AIOHTTP_NO_EXTENSIONS=1 python -m pip install --no-binary=aiohttp --no-cache aiohttp
```

### References

* https://nvd.nist.gov/vuln/detail/CVE-2023-30589
* https://hackerone.com/reports/2001873
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37276.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37276.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37276
reference_id
reference_type
scores
0
value 0.05775
scoring_system epss
scoring_elements 0.9048
published_at 2026-04-09T12:55:00Z
1
value 0.05775
scoring_system epss
scoring_elements 0.90506
published_at 2026-04-29T12:55:00Z
2
value 0.05775
scoring_system epss
scoring_elements 0.90509
published_at 2026-04-26T12:55:00Z
3
value 0.05775
scoring_system epss
scoring_elements 0.90497
published_at 2026-04-21T12:55:00Z
4
value 0.05775
scoring_system epss
scoring_elements 0.90498
published_at 2026-04-18T12:55:00Z
5
value 0.05775
scoring_system epss
scoring_elements 0.90481
published_at 2026-04-13T12:55:00Z
6
value 0.05775
scoring_system epss
scoring_elements 0.90487
published_at 2026-04-12T12:55:00Z
7
value 0.05775
scoring_system epss
scoring_elements 0.90474
published_at 2026-04-08T12:55:00Z
8
value 0.05775
scoring_system epss
scoring_elements 0.90462
published_at 2026-04-07T12:55:00Z
9
value 0.05775
scoring_system epss
scoring_elements 0.90456
published_at 2026-04-04T12:55:00Z
10
value 0.05775
scoring_system epss
scoring_elements 0.90444
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37276
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/
url https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules
5
reference_url https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/
url https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40
6
reference_url https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-120.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-120.yaml
9
reference_url https://hackerone.com/reports/2001873
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/
url https://hackerone.com/reports/2001873
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37276
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37276
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2224185
reference_id 2224185
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2224185
12
reference_url https://github.com/advisories/GHSA-45c4-8wx5-qw6w
reference_id GHSA-45c4-8wx5-qw6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45c4-8wx5-qw6w
13
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2023-37276, GHSA-45c4-8wx5-qw6w, PYSEC-2023-120
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttq3-65ny-skdg
20
url VCID-vqvz-jfqh-jkaz
vulnerability_id VCID-vqvz-jfqh-jkaz
summary 
AIOHTTP vulnerable to brute-force leak of internal static file path components
### Summary
Path normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the
existence of absolute path components.

### Impact
If an application uses `web.static()` (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components.

------

Patch: https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69226
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19575
published_at 2026-04-29T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19611
published_at 2026-04-26T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19625
published_at 2026-04-24T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.1973
published_at 2026-04-21T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19718
published_at 2026-04-18T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19716
published_at 2026-04-16T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19982
published_at 2026-04-04T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.1984
published_at 2026-04-09T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19788
published_at 2026-04-08T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19708
published_at 2026-04-07T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19741
published_at 2026-04-13T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19927
published_at 2026-04-02T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19798
published_at 2026-04-12T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19843
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69226
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/
url https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69226
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69226
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427245
reference_id 2427245
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427245
9
reference_url https://github.com/advisories/GHSA-54jq-c3m8-4m76
reference_id GHSA-54jq-c3m8-4m76
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54jq-c3m8-4m76
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69226, GHSA-54jq-c3m8-4m76
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqvz-jfqh-jkaz
21
url VCID-zm3a-mf2z-xfcm
vulnerability_id VCID-zm3a-mf2z-xfcm
summary 
AIOHTTP Vulnerable to Cookie Parser Warning Storm
### Summary
Reading multiple invalid cookies can lead to a logging storm.

### Impact
If the ``cookies`` attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.

----

Patch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69230
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02675
published_at 2026-04-29T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02618
published_at 2026-04-26T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02629
published_at 2026-04-24T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02641
published_at 2026-04-21T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02533
published_at 2026-04-18T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02528
published_at 2026-04-16T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.02546
published_at 2026-04-07T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.02572
published_at 2026-04-09T12:55:00Z
8
value 0.00014
scoring_system epss
scoring_elements 0.02543
published_at 2026-04-12T12:55:00Z
9
value 0.00014
scoring_system epss
scoring_elements 0.02551
published_at 2026-04-08T12:55:00Z
10
value 0.00014
scoring_system epss
scoring_elements 0.02541
published_at 2026-04-13T12:55:00Z
11
value 0.00014
scoring_system epss
scoring_elements 0.02529
published_at 2026-04-02T12:55:00Z
12
value 0.00014
scoring_system epss
scoring_elements 0.02554
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69230
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69230
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/
url https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69230
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69230
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427255
reference_id 2427255
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427255
9
reference_url https://github.com/advisories/GHSA-fh55-r93g-j68g
reference_id GHSA-fh55-r93g-j68g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh55-r93g-j68g
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69230, GHSA-fh55-r93g-j68g
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zm3a-mf2z-xfcm
Fixing_vulnerabilities
0
url VCID-bcuu-jvzt-6fhn
vulnerability_id VCID-bcuu-jvzt-6fhn
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49081.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49081.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49081
reference_id
reference_type
scores
0
value 0.00457
scoring_system epss
scoring_elements 0.63902
published_at 2026-04-02T12:55:00Z
1
value 0.00457
scoring_system epss
scoring_elements 0.63928
published_at 2026-04-04T12:55:00Z
2
value 0.00457
scoring_system epss
scoring_elements 0.63886
published_at 2026-04-07T12:55:00Z
3
value 0.00457
scoring_system epss
scoring_elements 0.63983
published_at 2026-04-29T12:55:00Z
4
value 0.00457
scoring_system epss
scoring_elements 0.63985
published_at 2026-04-26T12:55:00Z
5
value 0.00457
scoring_system epss
scoring_elements 0.63973
published_at 2026-04-24T12:55:00Z
6
value 0.00457
scoring_system epss
scoring_elements 0.63965
published_at 2026-04-18T12:55:00Z
7
value 0.00457
scoring_system epss
scoring_elements 0.63937
published_at 2026-04-08T12:55:00Z
8
value 0.00457
scoring_system epss
scoring_elements 0.63955
published_at 2026-04-21T12:55:00Z
9
value 0.00457
scoring_system epss
scoring_elements 0.63967
published_at 2026-04-11T12:55:00Z
10
value 0.00457
scoring_system epss
scoring_elements 0.63953
published_at 2026-04-12T12:55:00Z
11
value 0.00457
scoring_system epss
scoring_elements 0.6392
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49081
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49081
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e
5
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
6
reference_url https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b
7
reference_url https://github.com/aio-libs/aiohttp/pull/7835/files
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/7835/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-250.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-250.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057163
reference_id 1057163
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057163
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252235
reference_id 2252235
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252235
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49081
reference_id CVE-2023-49081
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49081
16
reference_url https://github.com/advisories/GHSA-q3qx-c6g2-7pw2
reference_id GHSA-q3qx-c6g2-7pw2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3qx-c6g2-7pw2
17
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
18
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
19
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
aliases CVE-2023-49081, GHSA-q3qx-c6g2-7pw2, PYSEC-2023-250
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuu-jvzt-6fhn
1
url VCID-bhkk-2b7c-wfgr
vulnerability_id VCID-bhkk-2b7c-wfgr
summary 
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
### Summary
An attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests.

### Impact
An attacker can stop the application from serving requests after sending a single request.

-------

For anyone needing to patch older versions of aiohttp, the minimum diff needed to resolve the issue is (located in `_read_chunk_from_length()`):

```diff
diff --git a/aiohttp/multipart.py b/aiohttp/multipart.py
index 227be605c..71fc2654a 100644
--- a/aiohttp/multipart.py
+++ b/aiohttp/multipart.py
@@ -338,6 +338,8 @@ class BodyPartReader:
         assert self._length is not None, "Content-Length required for chunked read"
         chunk_size = min(size, self._length - self._read_bytes)
         chunk = await self._content.read(chunk_size)
+        if self._content.at_eof():
+            self._at_eof = True
         return chunk
 
     async def _read_chunk_from_stream(self, size: int) -> bytes:
```

This does however introduce some very minor issues with handling form data. So, if possible, it would be recommended to also backport the changes in:
https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597
https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30251.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30251.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30251
reference_id
reference_type
scores
0
value 0.00331
scoring_system epss
scoring_elements 0.56051
published_at 2026-04-21T12:55:00Z
1
value 0.00331
scoring_system epss
scoring_elements 0.55973
published_at 2026-04-29T12:55:00Z
2
value 0.00331
scoring_system epss
scoring_elements 0.55998
published_at 2026-04-26T12:55:00Z
3
value 0.00331
scoring_system epss
scoring_elements 0.55978
published_at 2026-04-24T12:55:00Z
4
value 0.00359
scoring_system epss
scoring_elements 0.58147
published_at 2026-04-12T12:55:00Z
5
value 0.00359
scoring_system epss
scoring_elements 0.58159
published_at 2026-04-18T12:55:00Z
6
value 0.00359
scoring_system epss
scoring_elements 0.58128
published_at 2026-04-13T12:55:00Z
7
value 0.00359
scoring_system epss
scoring_elements 0.58097
published_at 2026-04-07T12:55:00Z
8
value 0.00359
scoring_system epss
scoring_elements 0.58123
published_at 2026-04-04T12:55:00Z
9
value 0.00359
scoring_system epss
scoring_elements 0.58101
published_at 2026-04-02T12:55:00Z
10
value 0.00359
scoring_system epss
scoring_elements 0.58171
published_at 2026-04-11T12:55:00Z
11
value 0.00359
scoring_system epss
scoring_elements 0.58155
published_at 2026-04-09T12:55:00Z
12
value 0.00359
scoring_system epss
scoring_elements 0.58151
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30251
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30251
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30251
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597
6
reference_url https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
7
reference_url https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30251
11
reference_url http://www.openwall.com/lists/oss-security/2024/05/02/4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url http://www.openwall.com/lists/oss-security/2024/05/02/4
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070364
reference_id 1070364
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070364
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278710
reference_id 2278710
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2278710
14
reference_url https://github.com/advisories/GHSA-5m98-qgg9-wh84
reference_id GHSA-5m98-qgg9-wh84
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5m98-qgg9-wh84
15
reference_url https://security.gentoo.org/glsa/202408-11
reference_id GLSA-202408-11
reference_type
scores
url https://security.gentoo.org/glsa/202408-11
16
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
17
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
18
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
aliases CVE-2024-30251, GHSA-5m98-qgg9-wh84
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhkk-2b7c-wfgr
2
url VCID-jxqg-x9dh-z3hb
vulnerability_id VCID-jxqg-x9dh-z3hb
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23829
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.64834
published_at 2026-04-24T12:55:00Z
1
value 0.00475
scoring_system epss
scoring_elements 0.64843
published_at 2026-04-29T12:55:00Z
2
value 0.00475
scoring_system epss
scoring_elements 0.64847
published_at 2026-04-26T12:55:00Z
3
value 0.00475
scoring_system epss
scoring_elements 0.64816
published_at 2026-04-21T12:55:00Z
4
value 0.00515
scoring_system epss
scoring_elements 0.6659
published_at 2026-04-02T12:55:00Z
5
value 0.00515
scoring_system epss
scoring_elements 0.66588
published_at 2026-04-07T12:55:00Z
6
value 0.00515
scoring_system epss
scoring_elements 0.66617
published_at 2026-04-04T12:55:00Z
7
value 0.00515
scoring_system epss
scoring_elements 0.66674
published_at 2026-04-18T12:55:00Z
8
value 0.00515
scoring_system epss
scoring_elements 0.6666
published_at 2026-04-16T12:55:00Z
9
value 0.00515
scoring_system epss
scoring_elements 0.66624
published_at 2026-04-13T12:55:00Z
10
value 0.00515
scoring_system epss
scoring_elements 0.66657
published_at 2026-04-12T12:55:00Z
11
value 0.00515
scoring_system epss
scoring_elements 0.66669
published_at 2026-04-11T12:55:00Z
12
value 0.00515
scoring_system epss
scoring_elements 0.6665
published_at 2026-04-09T12:55:00Z
13
value 0.00515
scoring_system epss
scoring_elements 0.66636
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23829
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
6
reference_url https://github.com/aio-libs/aiohttp/pull/3235
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/3235
7
reference_url https://github.com/aio-libs/aiohttp/pull/8074
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/pull/8074
8
reference_url https://github.com/aio-libs/aiohttp/pull/8074/files
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8074/files
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
10
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml
12
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23829
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23829
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
reference_id 1062708
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261909
reference_id 2261909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261909
19
reference_url https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
reference_id GHSA-8qpw-xqxj-h4r2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
reference_id ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
21
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
22
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2024-23829, GHSA-8qpw-xqxj-h4r2, PYSEC-2024-26
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxqg-x9dh-z3hb
3
url VCID-pmr9-w1fc-93cm
vulnerability_id VCID-pmr9-w1fc-93cm
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47627.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47627.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47627
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.46985
published_at 2026-04-26T12:55:00Z
1
value 0.00239
scoring_system epss
scoring_elements 0.46974
published_at 2026-04-24T12:55:00Z
2
value 0.00239
scoring_system epss
scoring_elements 0.46988
published_at 2026-04-21T12:55:00Z
3
value 0.00239
scoring_system epss
scoring_elements 0.46937
published_at 2026-04-29T12:55:00Z
4
value 0.0026
scoring_system epss
scoring_elements 0.49252
published_at 2026-04-07T12:55:00Z
5
value 0.0026
scoring_system epss
scoring_elements 0.49307
published_at 2026-04-08T12:55:00Z
6
value 0.0026
scoring_system epss
scoring_elements 0.49303
published_at 2026-04-09T12:55:00Z
7
value 0.0026
scoring_system epss
scoring_elements 0.49295
published_at 2026-04-12T12:55:00Z
8
value 0.0026
scoring_system epss
scoring_elements 0.49321
published_at 2026-04-11T12:55:00Z
9
value 0.0026
scoring_system epss
scoring_elements 0.49271
published_at 2026-04-02T12:55:00Z
10
value 0.0026
scoring_system epss
scoring_elements 0.49298
published_at 2026-04-13T12:55:00Z
11
value 0.0026
scoring_system epss
scoring_elements 0.49342
published_at 2026-04-18T12:55:00Z
12
value 0.0026
scoring_system epss
scoring_elements 0.49346
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47627
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47627
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47627
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.6
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-246.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-246.yaml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2249825
reference_id 2249825
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2249825
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47627
reference_id CVE-2023-47627
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47627
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/
reference_id FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/
16
reference_url https://github.com/advisories/GHSA-gfw2-4jvh-wgfg
reference_id GHSA-gfw2-4jvh-wgfg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gfw2-4jvh-wgfg
17
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
18
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
19
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/
reference_id VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/
reference_id WQYQL6WV535EEKSNH7KRARLLMOW5WXDM
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
aliases CVE-2023-47627, GHSA-gfw2-4jvh-wgfg, PYSEC-2023-246
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmr9-w1fc-93cm
4
url VCID-pqus-ew4j-k7da
vulnerability_id VCID-pqus-ew4j-k7da
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23334.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23334.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23334
reference_id
reference_type
scores
0
value 0.93482
scoring_system epss
scoring_elements 0.99823
published_at 2026-04-16T12:55:00Z
1
value 0.93482
scoring_system epss
scoring_elements 0.99822
published_at 2026-04-11T12:55:00Z
2
value 0.93482
scoring_system epss
scoring_elements 0.99828
published_at 2026-04-29T12:55:00Z
3
value 0.93482
scoring_system epss
scoring_elements 0.99821
published_at 2026-04-07T12:55:00Z
4
value 0.93482
scoring_system epss
scoring_elements 0.99827
published_at 2026-04-26T12:55:00Z
5
value 0.93482
scoring_system epss
scoring_elements 0.99826
published_at 2026-04-24T12:55:00Z
6
value 0.93482
scoring_system epss
scoring_elements 0.99825
published_at 2026-04-21T12:55:00Z
7
value 0.93482
scoring_system epss
scoring_elements 0.99824
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23334
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b
6
reference_url https://github.com/aio-libs/aiohttp/pull/8079
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://github.com/aio-libs/aiohttp/pull/8079
7
reference_url https://github.com/aio-libs/aiohttp/pull/8079/files
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8079/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-24.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-24.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23334
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23334
15
reference_url https://www.exploit-db.com/exploits/52474
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52474
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062709
reference_id 1062709
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062709
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261887
reference_id 2261887
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261887
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/52474.txt
reference_id CVE-2024-23334
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/52474.txt
19
reference_url https://github.com/advisories/GHSA-5h86-8mv2-jq9f
reference_id GHSA-5h86-8mv2-jq9f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5h86-8mv2-jq9f
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
reference_id ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
21
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
22
reference_url https://usn.ubuntu.com/6991-1/
reference_id USN-6991-1
reference_type
scores
url https://usn.ubuntu.com/6991-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
aliases CVE-2024-23334, GHSA-5h86-8mv2-jq9f, PYSEC-2024-24
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqus-ew4j-k7da
5
url VCID-t2aj-cszz-tyd7
vulnerability_id VCID-t2aj-cszz-tyd7
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE) header values are present it can lead to incorrect interpretation of two entities that parse the HTTP and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy(frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE, the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers, also if it is present an Open Redirect an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47641.json
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47641.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47641
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.54908
published_at 2026-04-02T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.54965
published_at 2026-04-18T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.54954
published_at 2026-04-08T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.54953
published_at 2026-04-09T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.54947
published_at 2026-04-12T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.54919
published_at 2026-04-24T12:55:00Z
6
value 0.00319
scoring_system epss
scoring_elements 0.54943
published_at 2026-04-21T12:55:00Z
7
value 0.00319
scoring_system epss
scoring_elements 0.54961
published_at 2026-04-16T12:55:00Z
8
value 0.00319
scoring_system epss
scoring_elements 0.54924
published_at 2026-04-13T12:55:00Z
9
value 0.00319
scoring_system epss
scoring_elements 0.54934
published_at 2026-04-04T12:55:00Z
10
value 0.00319
scoring_system epss
scoring_elements 0.54904
published_at 2026-04-07T12:55:00Z
11
value 0.00358
scoring_system epss
scoring_elements 0.57972
published_at 2026-04-29T12:55:00Z
12
value 0.00358
scoring_system epss
scoring_elements 0.57989
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47641
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47641
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:18:44Z/
url https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.0
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.0
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:18:44Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-247.yaml
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-247.yaml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2250179
reference_id 2250179
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2250179
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47641
reference_id CVE-2023-47641
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47641
12
reference_url https://github.com/advisories/GHSA-xx9p-xxvh-7g8j
reference_id GHSA-xx9p-xxvh-7g8j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx9p-xxvh-7g8j
13
reference_url https://security.gentoo.org/glsa/202408-11
reference_id GLSA-202408-11
reference_type
scores
url https://security.gentoo.org/glsa/202408-11
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
aliases CVE-2023-47641, GHSA-xx9p-xxvh-7g8j, PYSEC-2023-247
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2aj-cszz-tyd7
6
url VCID-tn28-662n-vug8
vulnerability_id VCID-tn28-662n-vug8
summary 
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
### Summary

A XSS vulnerability exists on index pages for static file handling.

### Details

When using `web.static(..., show_index=True)`, the resulting index pages do not escape file names.

If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks.

### Workaround

We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected.

Other users can disable `show_index` if unable to upgrade.

-----

Patch: https://github.com/aio-libs/aiohttp/pull/8319/files
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27306
reference_id
reference_type
scores
0
value 0.00593
scoring_system epss
scoring_elements 0.69288
published_at 2026-04-21T12:55:00Z
1
value 0.00593
scoring_system epss
scoring_elements 0.6934
published_at 2026-04-24T12:55:00Z
2
value 0.00709
scoring_system epss
scoring_elements 0.72284
published_at 2026-04-29T12:55:00Z
3
value 0.00709
scoring_system epss
scoring_elements 0.72288
published_at 2026-04-26T12:55:00Z
4
value 0.00749
scoring_system epss
scoring_elements 0.73066
published_at 2026-04-07T12:55:00Z
5
value 0.00749
scoring_system epss
scoring_elements 0.73167
published_at 2026-04-18T12:55:00Z
6
value 0.00749
scoring_system epss
scoring_elements 0.73158
published_at 2026-04-16T12:55:00Z
7
value 0.00749
scoring_system epss
scoring_elements 0.73117
published_at 2026-04-09T12:55:00Z
8
value 0.00749
scoring_system epss
scoring_elements 0.73103
published_at 2026-04-08T12:55:00Z
9
value 0.00749
scoring_system epss
scoring_elements 0.73092
published_at 2026-04-04T12:55:00Z
10
value 0.00749
scoring_system epss
scoring_elements 0.73072
published_at 2026-04-02T12:55:00Z
11
value 0.00749
scoring_system epss
scoring_elements 0.73115
published_at 2026-04-13T12:55:00Z
12
value 0.00749
scoring_system epss
scoring_elements 0.73121
published_at 2026-04-12T12:55:00Z
13
value 0.00749
scoring_system epss
scoring_elements 0.73141
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27306
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
6
reference_url https://github.com/aio-libs/aiohttp/pull/8319
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/pull/8319
7
reference_url https://github.com/aio-libs/aiohttp/pull/8319/files
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8319/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27306
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27306
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
reference_id 1070665
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2275989
reference_id 2275989
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2275989
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/
reference_id 2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/
17
reference_url https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
reference_id GHSA-7gpw-8wmc-pm8g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/
reference_id NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/
19
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
20
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
21
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
22
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/
reference_id ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2024-27306, GHSA-7gpw-8wmc-pm8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn28-662n-vug8
7
url VCID-ue33-na1g-rqa7
vulnerability_id VCID-ue33-na1g-rqa7
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49082.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49082.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49082
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44596
published_at 2026-04-29T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.44773
published_at 2026-04-13T12:55:00Z
2
value 0.00221
scoring_system epss
scoring_elements 0.44749
published_at 2026-04-21T12:55:00Z
3
value 0.00221
scoring_system epss
scoring_elements 0.4482
published_at 2026-04-18T12:55:00Z
4
value 0.00221
scoring_system epss
scoring_elements 0.44826
published_at 2026-04-16T12:55:00Z
5
value 0.00221
scoring_system epss
scoring_elements 0.44772
published_at 2026-04-12T12:55:00Z
6
value 0.00221
scoring_system epss
scoring_elements 0.44802
published_at 2026-04-11T12:55:00Z
7
value 0.00221
scoring_system epss
scoring_elements 0.44786
published_at 2026-04-09T12:55:00Z
8
value 0.00221
scoring_system epss
scoring_elements 0.44783
published_at 2026-04-08T12:55:00Z
9
value 0.00221
scoring_system epss
scoring_elements 0.4473
published_at 2026-04-07T12:55:00Z
10
value 0.00221
scoring_system epss
scoring_elements 0.44791
published_at 2026-04-04T12:55:00Z
11
value 0.00221
scoring_system epss
scoring_elements 0.4477
published_at 2026-04-02T12:55:00Z
12
value 0.00221
scoring_system epss
scoring_elements 0.44675
published_at 2026-04-26T12:55:00Z
13
value 0.00221
scoring_system epss
scoring_elements 0.44668
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49082
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49082
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b
5
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
6
reference_url https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466
7
reference_url https://github.com/aio-libs/aiohttp/pull/7806/files
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/7806/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-251.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-251.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057164
reference_id 1057164
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057164
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252248
reference_id 2252248
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252248
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49082
reference_id CVE-2023-49082
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49082
16
reference_url https://github.com/advisories/GHSA-qvrw-v9rv-5rjx
reference_id GHSA-qvrw-v9rv-5rjx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvrw-v9rv-5rjx
17
reference_url https://security.gentoo.org/glsa/202408-11
reference_id GLSA-202408-11
reference_type
scores
url https://security.gentoo.org/glsa/202408-11
18
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
19
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
20
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
aliases CVE-2023-49082, GHSA-qvrw-v9rv-5rjx, PYSEC-2023-251
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ue33-na1g-rqa7
8
url VCID-zrgm-47ph-x3g3
vulnerability_id VCID-zrgm-47ph-x3g3
summary 
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
### Summary
The Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions.

### Impact
If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52304
reference_id
reference_type
scores
0
value 0.00456
scoring_system epss
scoring_elements 0.63936
published_at 2026-04-29T12:55:00Z
1
value 0.00456
scoring_system epss
scoring_elements 0.63939
published_at 2026-04-26T12:55:00Z
2
value 0.00456
scoring_system epss
scoring_elements 0.63927
published_at 2026-04-24T12:55:00Z
3
value 0.00456
scoring_system epss
scoring_elements 0.63921
published_at 2026-04-18T12:55:00Z
4
value 0.00456
scoring_system epss
scoring_elements 0.63911
published_at 2026-04-21T12:55:00Z
5
value 0.00456
scoring_system epss
scoring_elements 0.63876
published_at 2026-04-13T12:55:00Z
6
value 0.00456
scoring_system epss
scoring_elements 0.63909
published_at 2026-04-12T12:55:00Z
7
value 0.00456
scoring_system epss
scoring_elements 0.63923
published_at 2026-04-11T12:55:00Z
8
value 0.00456
scoring_system epss
scoring_elements 0.6391
published_at 2026-04-09T12:55:00Z
9
value 0.00456
scoring_system epss
scoring_elements 0.63892
published_at 2026-04-08T12:55:00Z
10
value 0.00456
scoring_system epss
scoring_elements 0.63842
published_at 2026-04-07T12:55:00Z
11
value 0.00456
scoring_system epss
scoring_elements 0.63858
published_at 2026-04-02T12:55:00Z
12
value 0.00456
scoring_system epss
scoring_elements 0.63885
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/
url https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
7
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52304
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52304
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109
reference_id 1088109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2327130
reference_id 2327130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2327130
11
reference_url https://github.com/advisories/GHSA-8495-4g3g-x7pr
reference_id GHSA-8495-4g3g-x7pr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8495-4g3g-x7pr
12
reference_url https://access.redhat.com/errata/RHSA-2024:10766
reference_id RHSA-2024:10766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10766
13
reference_url https://access.redhat.com/errata/RHSA-2024:11574
reference_id RHSA-2024:11574
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11574
14
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
15
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
16
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
17
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
18
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
19
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
aliases CVE-2024-52304, GHSA-8495-4g3g-x7pr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrgm-47ph-x3g3
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1