Package details: pkg:pypi/aiohttp@3.13.3
purl pkg:pypi/aiohttp@3.13.3
Next non-vulnerable version 3.13.4
Latest non-vulnerable version 4.0.0a0
Risk 4.1
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-19q4-vzzb-8uca
Aliases:
CVE-2026-34519
GHSA-mwh4-6h8g-pg8w
3.13.4
Affected by 0 other vulnerabilities.
VCID-5f1f-mrwv-zucz
Aliases:
CVE-2026-34513
GHSA-hcc4-c3v8-rx92
3.13.4
Affected by 0 other vulnerabilities.
VCID-cg9h-fysf-xygf
Aliases:
CVE-2026-34516
GHSA-m5qp-6w8w-w647
3.13.4
Affected by 0 other vulnerabilities.
VCID-dr2r-7qda-tfh5
Aliases:
CVE-2026-34515
GHSA-p998-jp59-783m
3.13.4
Affected by 0 other vulnerabilities.
VCID-drqp-x9gc-2qd3
Aliases:
CVE-2026-34518
GHSA-966j-vmvw-g2g9
3.13.4
Affected by 0 other vulnerabilities.
VCID-g4rj-1kzy-pkft
Aliases:
CVE-2026-34525
GHSA-c427-h43c-vf67
3.13.4
Affected by 0 other vulnerabilities.
VCID-hyh4-58xy-xfge
Aliases:
CVE-2026-34517
GHSA-3wq7-rqq7-wx6j
3.13.4
Affected by 0 other vulnerabilities.
VCID-kf4p-q9n9-ayhn
Aliases:
CVE-2026-22815
GHSA-w2fm-2cpv-w7v5
3.13.4
Affected by 0 other vulnerabilities.
VCID-qt9z-6kwe-wbht
Aliases:
CVE-2026-34514
GHSA-2vrm-gr82-f7m5
3.13.4
Affected by 0 other vulnerabilities.
VCID-tmjw-8cdt-7yf7
Aliases:
CVE-2026-34520
GHSA-63hf-3vf5-4wqf
3.13.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (8)
Vulnerability Summary Aliases
VCID-d3pa-kwgz-vuag
AIOHTTP vulnerable to denial of service through large payloads
Summary: A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.
Impact: If an application includes a handler that uses the `Request.post()` method, an attacker may be able to freeze the server by exhausting the memory.
Patch: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
Aliases:
CVE-2025-69228
GHSA-6jhg-hg63-jvvf
VCID-ft9z-nd6x-27dz
AIOHTTP has unicode match groups in regexes for ASCII protocol elements
Summary: The parser allows non-ASCII decimals to be present in the Range header.
Impact: There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability.
Patch: https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
Aliases:
CVE-2025-69225
GHSA-mqqc-3gqh-h2x8
VCID-peyu-fxyx-ayde
AIOHTTP vulnerable to DoS through chunked messages
Summary: Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks.
Impact: If an application makes use of the `request.read()` method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time.
Patch: https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
Patch: https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
Aliases:
CVE-2025-69229
GHSA-g84x-mcqj-x9qq
VCID-qrus-4szm-c3bj
AIOHTTP's unicode processing of header values could cause parsing discrepancies
Summary: The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters.
Impact: If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.
Patch: https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
Aliases:
CVE-2025-69224
GHSA-69f9-5gxw-wvc2
VCID-sjws-ddnq-fke2
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
Summary: A zip bomb can be used to execute a DoS against the aiohttp server.
Impact: An attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory.
Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
Aliases:
CVE-2025-69223
GHSA-6mq8-rvhq-8wgg
VCID-t9gx-etxx-vkgb
AIOHTTP vulnerable to DoS when bypassing asserts
Summary: When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body.
Impact: If optimisations are enabled (`-O` or `PYTHONOPTIMIZE=1`), and the application includes a handler that uses the `Request.post()` method, then an attacker may be able to execute a DoS attack with a specially crafted message.
Patch: https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
Aliases:
CVE-2025-69227
GHSA-jj3x-wxrx-4x23
VCID-vqvz-jfqh-jkaz
AIOHTTP vulnerable to brute-force leak of internal static file path components
Summary: Path normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the existence of absolute path components.
Impact: If an application uses `web.static()` (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components.
Patch: https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
Aliases:
CVE-2025-69226
GHSA-54jq-c3m8-4m76
VCID-zm3a-mf2z-xfcm
AIOHTTP Vulnerable to Cookie Parser Warning Storm
Summary: Reading multiple invalid cookies can lead to a logging storm.
Impact: If the `cookies` attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.
Patch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
Aliases:
CVE-2025-69230
GHSA-fh55-r93g-j68g

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-17T00:05:55.049706+00:00 GitLab Importer Fixing VCID-t9gx-etxx-vkgb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69227.yml 38.4.0
2026-04-17T00:05:53.080961+00:00 GitLab Importer Fixing VCID-d3pa-kwgz-vuag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69228.yml 38.4.0
2026-04-17T00:05:51.359940+00:00 GitLab Importer Fixing VCID-peyu-fxyx-ayde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69229.yml 38.4.0
2026-04-17T00:05:47.794787+00:00 GitLab Importer Fixing VCID-qrus-4szm-c3bj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69224.yml 38.4.0
2026-04-17T00:05:45.359731+00:00 GitLab Importer Fixing VCID-sjws-ddnq-fke2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69223.yml 38.4.0
2026-04-17T00:05:35.612571+00:00 GitLab Importer Fixing VCID-vqvz-jfqh-jkaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69226.yml 38.4.0
2026-04-17T00:05:32.732902+00:00 GitLab Importer Fixing VCID-zm3a-mf2z-xfcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69230.yml 38.4.0
2026-04-17T00:05:30.097466+00:00 GitLab Importer Fixing VCID-ft9z-nd6x-27dz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69225.yml 38.4.0
2026-04-12T01:29:14.456002+00:00 GitLab Importer Fixing VCID-t9gx-etxx-vkgb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69227.yml 38.3.0
2026-04-12T01:29:12.349552+00:00 GitLab Importer Fixing VCID-d3pa-kwgz-vuag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69228.yml 38.3.0
2026-04-12T01:29:10.512656+00:00 GitLab Importer Fixing VCID-peyu-fxyx-ayde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69229.yml 38.3.0
2026-04-12T01:29:06.763898+00:00 GitLab Importer Fixing VCID-qrus-4szm-c3bj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69224.yml 38.3.0
2026-04-12T01:29:04.446479+00:00 GitLab Importer Fixing VCID-sjws-ddnq-fke2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69223.yml 38.3.0
2026-04-12T01:28:53.883607+00:00 GitLab Importer Fixing VCID-vqvz-jfqh-jkaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69226.yml 38.3.0
2026-04-12T01:28:50.940697+00:00 GitLab Importer Fixing VCID-zm3a-mf2z-xfcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69230.yml 38.3.0
2026-04-12T01:28:48.107104+00:00 GitLab Importer Fixing VCID-ft9z-nd6x-27dz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69225.yml 38.3.0
2026-04-03T01:37:57.342750+00:00 GitLab Importer Fixing VCID-t9gx-etxx-vkgb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69227.yml 38.1.0
2026-04-03T01:37:55.312362+00:00 GitLab Importer Fixing VCID-d3pa-kwgz-vuag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69228.yml 38.1.0
2026-04-03T01:37:53.534843+00:00 GitLab Importer Fixing VCID-peyu-fxyx-ayde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69229.yml 38.1.0
2026-04-03T01:37:49.916891+00:00 GitLab Importer Fixing VCID-qrus-4szm-c3bj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69224.yml 38.1.0
2026-04-03T01:37:47.154511+00:00 GitLab Importer Fixing VCID-sjws-ddnq-fke2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69223.yml 38.1.0
2026-04-03T01:37:36.109631+00:00 GitLab Importer Fixing VCID-vqvz-jfqh-jkaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69226.yml 38.1.0
2026-04-03T01:37:33.563310+00:00 GitLab Importer Fixing VCID-zm3a-mf2z-xfcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69230.yml 38.1.0
2026-04-03T01:37:30.792789+00:00 GitLab Importer Fixing VCID-ft9z-nd6x-27dz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69225.yml 38.1.0
2026-04-02T17:01:37.897643+00:00 GHSA Importer Affected by VCID-g4rj-1kzy-pkft https://github.com/advisories/GHSA-c427-h43c-vf67 38.1.0
2026-04-02T17:01:37.865291+00:00 GHSA Importer Affected by VCID-tmjw-8cdt-7yf7 https://github.com/advisories/GHSA-63hf-3vf5-4wqf 38.1.0
2026-04-02T17:01:37.834133+00:00 GHSA Importer Affected by VCID-19q4-vzzb-8uca https://github.com/advisories/GHSA-mwh4-6h8g-pg8w 38.1.0
2026-04-02T17:01:37.803406+00:00 GHSA Importer Affected by VCID-drqp-x9gc-2qd3 https://github.com/advisories/GHSA-966j-vmvw-g2g9 38.1.0
2026-04-02T17:01:37.772322+00:00 GHSA Importer Affected by VCID-hyh4-58xy-xfge https://github.com/advisories/GHSA-3wq7-rqq7-wx6j 38.1.0
2026-04-02T17:01:37.650108+00:00 GHSA Importer Affected by VCID-cg9h-fysf-xygf https://github.com/advisories/GHSA-m5qp-6w8w-w647 38.1.0
2026-04-02T17:01:37.484848+00:00 GHSA Importer Affected by VCID-dr2r-7qda-tfh5 https://github.com/advisories/GHSA-p998-jp59-783m 38.1.0
2026-04-02T17:01:37.411046+00:00 GHSA Importer Affected by VCID-qt9z-6kwe-wbht https://github.com/advisories/GHSA-2vrm-gr82-f7m5 38.1.0
2026-04-02T17:01:37.383248+00:00 GHSA Importer Affected by VCID-5f1f-mrwv-zucz https://github.com/advisories/GHSA-hcc4-c3v8-rx92 38.1.0
2026-04-02T17:01:36.584407+00:00 GHSA Importer Affected by VCID-kf4p-q9n9-ayhn https://github.com/advisories/GHSA-w2fm-2cpv-w7v5 38.1.0
2026-04-01T16:07:29.649791+00:00 GHSA Importer Fixing VCID-zm3a-mf2z-xfcm https://github.com/advisories/GHSA-fh55-r93g-j68g 38.0.0
2026-04-01T16:07:29.622250+00:00 GHSA Importer Fixing VCID-peyu-fxyx-ayde https://github.com/advisories/GHSA-g84x-mcqj-x9qq 38.0.0
2026-04-01T16:07:29.592436+00:00 GHSA Importer Fixing VCID-d3pa-kwgz-vuag https://github.com/advisories/GHSA-6jhg-hg63-jvvf 38.0.0
2026-04-01T16:07:29.564754+00:00 GHSA Importer Fixing VCID-t9gx-etxx-vkgb https://github.com/advisories/GHSA-jj3x-wxrx-4x23 38.0.0
2026-04-01T16:07:29.535862+00:00 GHSA Importer Fixing VCID-vqvz-jfqh-jkaz https://github.com/advisories/GHSA-54jq-c3m8-4m76 38.0.0
2026-04-01T16:07:29.504076+00:00 GHSA Importer Fixing VCID-ft9z-nd6x-27dz https://github.com/advisories/GHSA-mqqc-3gqh-h2x8 38.0.0
2026-04-01T16:07:29.476693+00:00 GHSA Importer Fixing VCID-qrus-4szm-c3bj https://github.com/advisories/GHSA-69f9-5gxw-wvc2 38.0.0
2026-04-01T16:07:29.446023+00:00 GHSA Importer Fixing VCID-sjws-ddnq-fke2 https://github.com/advisories/GHSA-6mq8-rvhq-8wgg 38.0.0
2026-04-01T12:53:36.565756+00:00 GitLab Importer Fixing VCID-t9gx-etxx-vkgb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69227.yml 38.0.0
2026-04-01T12:53:36.535947+00:00 GitLab Importer Fixing VCID-d3pa-kwgz-vuag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69228.yml 38.0.0
2026-04-01T12:53:36.519192+00:00 GitLab Importer Fixing VCID-peyu-fxyx-ayde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69229.yml 38.0.0
2026-04-01T12:53:36.477197+00:00 GitLab Importer Fixing VCID-qrus-4szm-c3bj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69224.yml 38.0.0
2026-04-01T12:53:36.422782+00:00 GitLab Importer Fixing VCID-sjws-ddnq-fke2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69223.yml 38.0.0
2026-04-01T12:53:36.222593+00:00 GitLab Importer Fixing VCID-vqvz-jfqh-jkaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69226.yml 38.0.0
2026-04-01T12:53:36.176284+00:00 GitLab Importer Fixing VCID-zm3a-mf2z-xfcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69230.yml 38.0.0
2026-04-01T12:53:36.114094+00:00 GitLab Importer Fixing VCID-ft9z-nd6x-27dz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/CVE-2025-69225.yml 38.0.0
2026-04-01T12:52:29.404731+00:00 GithubOSV Importer Fixing VCID-d3pa-kwgz-vuag https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-6jhg-hg63-jvvf/GHSA-6jhg-hg63-jvvf.json 38.0.0
2026-04-01T12:52:29.103538+00:00 GithubOSV Importer Fixing VCID-sjws-ddnq-fke2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-6mq8-rvhq-8wgg/GHSA-6mq8-rvhq-8wgg.json 38.0.0
2026-04-01T12:52:24.799400+00:00 GithubOSV Importer Fixing VCID-peyu-fxyx-ayde https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-g84x-mcqj-x9qq/GHSA-g84x-mcqj-x9qq.json 38.0.0
2026-04-01T12:52:24.712005+00:00 GithubOSV Importer Fixing VCID-zm3a-mf2z-xfcm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-fh55-r93g-j68g/GHSA-fh55-r93g-j68g.json 38.0.0
2026-04-01T12:52:21.473613+00:00 GithubOSV Importer Fixing VCID-t9gx-etxx-vkgb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-jj3x-wxrx-4x23/GHSA-jj3x-wxrx-4x23.json 38.0.0
2026-04-01T12:52:18.172095+00:00 GithubOSV Importer Fixing VCID-vqvz-jfqh-jkaz https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-54jq-c3m8-4m76/GHSA-54jq-c3m8-4m76.json 38.0.0
2026-04-01T12:52:13.250635+00:00 GithubOSV Importer Fixing VCID-qrus-4szm-c3bj https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-69f9-5gxw-wvc2/GHSA-69f9-5gxw-wvc2.json 38.0.0
2026-04-01T12:52:12.787504+00:00 GithubOSV Importer Fixing VCID-ft9z-nd6x-27dz https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-mqqc-3gqh-h2x8/GHSA-mqqc-3gqh-h2x8.json 38.0.0