Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-aiohttp@3.13.5-1
Typedeb
Namespacedebian
Namepython-aiohttp
Version3.13.5-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.14.0-1
Latest_non_vulnerable_version3.14.0-1
Affected_by_vulnerabilities
0
url VCID-kc4y-3rrv-77h4
vulnerability_id VCID-kc4y-3rrv-77h4
summary python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-47265.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-47265.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-47265
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04465
published_at 2026-06-07T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04477
published_at 2026-06-06T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05378
published_at 2026-06-05T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06563
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-47265
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47265
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47265
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4bbdab97ba518a223adda32478
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-03T12:48:46Z/
url https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4bbdab97ba518a223adda32478
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hg6j-4rv6-33pg
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-03T12:48:46Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hg6j-4rv6-33pg
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-47265
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-47265
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138780
reference_id 1138780
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138780
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2484127
reference_id 2484127
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2484127
10
reference_url https://github.com/advisories/GHSA-hg6j-4rv6-33pg
reference_id GHSA-hg6j-4rv6-33pg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hg6j-4rv6-33pg
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.14.0-1
purl pkg:deb/debian/python-aiohttp@3.14.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.14.0-1
aliases CVE-2026-47265, GHSA-hg6j-4rv6-33pg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kc4y-3rrv-77h4
1
url VCID-qs2p-udan-p3an
vulnerability_id VCID-qs2p-udan-p3an
summary 
AIOHTTP is Vulnerable to Deserialization of Untrusted Data
### Summary

Using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution.

### Impact

Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.

### Workaround

If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitise the files before loading.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/dcf40f30637e8752c76781cf6703b5a236749a00
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34993
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17674
published_at 2026-06-05T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20928
published_at 2026-06-07T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20973
published_at 2026-06-06T12:55:00Z
3
value 0.00068
scoring_system epss
scoring_elements 0.21188
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34993
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34993
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34993
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/commit/dcf40f30637e8752c76781cf6703b5a236749a00
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T13:59:36Z/
url https://github.com/aio-libs/aiohttp/commit/dcf40f30637e8752c76781cf6703b5a236749a00
5
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jg22-mg44-37j8
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-03T13:59:36Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jg22-mg44-37j8
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34993
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34993
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138781
reference_id 1138781
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138781
8
reference_url https://github.com/advisories/GHSA-jg22-mg44-37j8
reference_id GHSA-jg22-mg44-37j8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jg22-mg44-37j8
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.14.0-1
purl pkg:deb/debian/python-aiohttp@3.14.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.14.0-1
aliases CVE-2026-34993, GHSA-jg22-mg44-37j8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs2p-udan-p3an
Fixing_vulnerabilities
0
url VCID-3v2v-g9dz-q7hu
vulnerability_id VCID-3v2v-g9dz-q7hu
summary aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34518
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02824
published_at 2026-06-05T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02777
published_at 2026-06-07T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.0283
published_at 2026-06-06T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03087
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34518
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34518
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34518
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454098
reference_id 2454098
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454098
11
reference_url https://github.com/advisories/GHSA-966j-vmvw-g2g9
reference_id GHSA-966j-vmvw-g2g9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-966j-vmvw-g2g9
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34518, GHSA-966j-vmvw-g2g9
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3v2v-g9dz-q7hu
1
url VCID-7b59-eb63-tfcf
vulnerability_id VCID-7b59-eb63-tfcf
summary aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34520
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.2336
published_at 2026-06-05T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.233
published_at 2026-06-07T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23345
published_at 2026-06-06T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.23926
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34520
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34520
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34520
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454094
reference_id 2454094
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454094
11
reference_url https://github.com/advisories/GHSA-63hf-3vf5-4wqf
reference_id GHSA-63hf-3vf5-4wqf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63hf-3vf5-4wqf
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34520, GHSA-63hf-3vf5-4wqf
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7b59-eb63-tfcf
2
url VCID-8mb3-gafx-8qaz
vulnerability_id VCID-8mb3-gafx-8qaz
summary aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34514
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03438
published_at 2026-06-08T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03097
published_at 2026-06-05T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03107
published_at 2026-06-06T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03055
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34514
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34514
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34514
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454102
reference_id 2454102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454102
11
reference_url https://github.com/advisories/GHSA-2vrm-gr82-f7m5
reference_id GHSA-2vrm-gr82-f7m5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vrm-gr82-f7m5
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34514, GHSA-2vrm-gr82-f7m5
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mb3-gafx-8qaz
3
url VCID-c1e6-tue3-8yce
vulnerability_id VCID-c1e6-tue3-8yce
summary aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22815
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05833
published_at 2026-06-08T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05599
published_at 2026-06-05T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05584
published_at 2026-06-06T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05586
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22815
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22815
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454093
reference_id 2454093
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454093
11
reference_url https://github.com/advisories/GHSA-w2fm-2cpv-w7v5
reference_id GHSA-w2fm-2cpv-w7v5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2fm-2cpv-w7v5
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-22815, GHSA-w2fm-2cpv-w7v5
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1e6-tue3-8yce
4
url VCID-k3f4-wafv-3qgu
vulnerability_id VCID-k3f4-wafv-3qgu
summary aiohttp: AIOHTTP: Denial of Service via large multipart form fields
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34517
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05391
published_at 2026-06-05T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05372
published_at 2026-06-07T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05659
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34517
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34517
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34517
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454095
reference_id 2454095
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454095
11
reference_url https://github.com/advisories/GHSA-3wq7-rqq7-wx6j
reference_id GHSA-3wq7-rqq7-wx6j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wq7-rqq7-wx6j
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34517, GHSA-3wq7-rqq7-wx6j
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3f4-wafv-3qgu
5
url VCID-k3nq-f446-bkas
vulnerability_id VCID-k3nq-f446-bkas
summary aiohttp: aiohttp: Security bypass via multiple Host headers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34525
reference_id
reference_type
scores
0
value 0.00139
scoring_system epss
scoring_elements 0.33762
published_at 2026-06-08T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.36946
published_at 2026-06-07T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.3698
published_at 2026-06-06T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.36974
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34525
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
6
reference_url https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
7
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34525
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34525
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454096
reference_id 2454096
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454096
12
reference_url https://github.com/advisories/GHSA-c427-h43c-vf67
reference_id GHSA-c427-h43c-vf67
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c427-h43c-vf67
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34525, GHSA-c427-h43c-vf67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3nq-f446-bkas
6
url VCID-m7wa-qdpv-wuhj
vulnerability_id VCID-m7wa-qdpv-wuhj
summary aiohttp: AIOHTTP: Denial of Service via excessive multipart headers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34516
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05833
published_at 2026-06-08T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05599
published_at 2026-06-05T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05584
published_at 2026-06-06T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05586
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34516
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34516
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454112
reference_id 2454112
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454112
11
reference_url https://github.com/advisories/GHSA-m5qp-6w8w-w647
reference_id GHSA-m5qp-6w8w-w647
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m5qp-6w8w-w647
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34516, GHSA-m5qp-6w8w-w647
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7wa-qdpv-wuhj
7
url VCID-myz5-wsnu-u7a5
vulnerability_id VCID-myz5-wsnu-u7a5
summary aiohttp: aiohttp: Header injection vulnerability via reason parameter
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34519
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.17029
published_at 2026-06-05T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.16989
published_at 2026-06-07T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.17025
published_at 2026-06-06T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.17593
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34519
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34519
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34519
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454100
reference_id 2454100
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454100
11
reference_url https://github.com/advisories/GHSA-mwh4-6h8g-pg8w
reference_id GHSA-mwh4-6h8g-pg8w
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwh4-6h8g-pg8w
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34519, GHSA-mwh4-6h8g-pg8w
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myz5-wsnu-u7a5
8
url VCID-w4mr-q1jr-1qfp
vulnerability_id VCID-w4mr-q1jr-1qfp
summary aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34513
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05833
published_at 2026-06-08T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05599
published_at 2026-06-05T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05584
published_at 2026-06-06T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05586
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34513
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34513
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34513
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454107
reference_id 2454107
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454107
11
reference_url https://github.com/advisories/GHSA-hcc4-c3v8-rx92
reference_id GHSA-hcc4-c3v8-rx92
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcc4-c3v8-rx92
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34513, GHSA-hcc4-c3v8-rx92
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4mr-q1jr-1qfp
9
url VCID-yr3u-3vzh-1yhq
vulnerability_id VCID-yr3u-3vzh-1yhq
summary 
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53643
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62553
published_at 2026-06-08T12:55:00Z
1
value 0.00424
scoring_system epss
scoring_elements 0.62568
published_at 2026-06-05T12:55:00Z
2
value 0.00424
scoring_system epss
scoring_elements 0.62576
published_at 2026-06-06T12:55:00Z
3
value 0.00424
scoring_system epss
scoring_elements 0.62567
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53643
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/
url https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336
reference_id 1109336
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2380000
reference_id 2380000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2380000
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53643
reference_id CVE-2025-53643
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53643
9
reference_url https://github.com/advisories/GHSA-9548-qrrj-x5pj
reference_id GHSA-9548-qrrj-x5pj
reference_type
scores
url https://github.com/advisories/GHSA-9548-qrrj-x5pj
10
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
reference_id GHSA-9548-qrrj-x5pj
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
11
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
12
reference_url https://access.redhat.com/errata/RHSA-2025:22939
reference_id RHSA-2025:22939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22939
13
reference_url https://access.redhat.com/errata/RHSA-2025:22944
reference_id RHSA-2025:22944
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22944
14
reference_url https://access.redhat.com/errata/RHSA-2025:23531
reference_id RHSA-2025:23531
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23531
15
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
16
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
17
reference_url https://access.redhat.com/errata/RHSA-2026:2760
reference_id RHSA-2026:2760
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2760
18
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3v2v-g9dz-q7hu
1
vulnerability VCID-4kzt-jurh-4udw
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-7b59-eb63-tfcf
4
vulnerability VCID-8mb3-gafx-8qaz
5
vulnerability VCID-8y5k-1ax1-ykhs
6
vulnerability VCID-c1e6-tue3-8yce
7
vulnerability VCID-cu3k-ug29-93hr
8
vulnerability VCID-fcpq-68fe-jygn
9
vulnerability VCID-hwxf-hppk-r7c8
10
vulnerability VCID-k3f4-wafv-3qgu
11
vulnerability VCID-k3nq-f446-bkas
12
vulnerability VCID-kc4y-3rrv-77h4
13
vulnerability VCID-m6u7-xssj-fffs
14
vulnerability VCID-m7wa-qdpv-wuhj
15
vulnerability VCID-msav-gwbq-bufr
16
vulnerability VCID-myz5-wsnu-u7a5
17
vulnerability VCID-p12d-qx3n-cuav
18
vulnerability VCID-qh9b-wf9z-13d2
19
vulnerability VCID-qs2p-udan-p3an
20
vulnerability VCID-w4mr-q1jr-1qfp
21
vulnerability VCID-xgmx-6qmw-7ugn
22
vulnerability VCID-yr3u-3vzh-1yhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kc4y-3rrv-77h4
1
vulnerability VCID-qs2p-udan-p3an
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2025-53643, GHSA-9548-qrrj-x5pj
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yr3u-3vzh-1yhq
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1