{"url":"http://public2.vulnerablecode.io/api/packages/83284?format=json","purl":"pkg:pypi/aiohttp@3.10.11","type":"pypi","namespace":"","name":"aiohttp","version":"3.10.11","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.13.4","latest_non_vulnerable_version":"4.0.0a0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63866?format=json","vulnerability_id":"VCID-3v2v-g9dz-q7hu","summary":"aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34518","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02824","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34518","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34518"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454098","reference_id":"2454098","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454098"},{"reference_url":"https://github.com/advisories/GHSA-966j-vmvw-g2g9","reference_id":"GHSA-966j-vmvw-g2g9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-966j-vmvw-g2g9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34518","GHSA-966j-vmvw-g2g9"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3v2v-g9dz-q7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63863?format=json","vulnerability_id":"VCID-7b59-eb63-tfcf","summary":"aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34520","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2336","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34520","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34520"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454094","reference_id":"2454094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454094"},{"reference_url":"https://github.com/advisories/GHSA-63hf-3vf5-4wqf","reference_id":"GHSA-63hf-3vf5-4wqf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-63hf-3vf5-4wqf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34520","GHSA-63hf-3vf5-4wqf"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7b59-eb63-tfcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63871?format=json","vulnerability_id":"VCID-8mb3-gafx-8qaz","summary":"aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34514","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03097","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34514","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34514"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454102","reference_id":"2454102","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454102"},{"reference_url":"https://github.com/advisories/GHSA-2vrm-gr82-f7m5","reference_id":"GHSA-2vrm-gr82-f7m5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2vrm-gr82-f7m5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34514","GHSA-2vrm-gr82-f7m5"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8mb3-gafx-8qaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49585?format=json","vulnerability_id":"VCID-8y5k-1ax1-ykhs","summary":"AIOHTTP vulnerable to DoS when bypassing asserts\nWhen assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69227","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427256","reference_id":"2427256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427256"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69227","reference_id":"CVE-2025-69227","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69227"},{"reference_url":"https://github.com/advisories/GHSA-jj3x-wxrx-4x23","reference_id":"GHSA-jj3x-wxrx-4x23","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jj3x-wxrx-4x23"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23","reference_id":"GHSA-jj3x-wxrx-4x23","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13553","reference_id":"RHSA-2026:13553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5809","reference_id":"RHSA-2026:5809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6761","reference_id":"RHSA-2026:6761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6762","reference_id":"RHSA-2026:6762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6762"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73177?format=json","purl":"pkg:pypi/aiohttp@3.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3"}],"aliases":["CVE-2025-69227","GHSA-jj3x-wxrx-4x23"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8y5k-1ax1-ykhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63872?format=json","vulnerability_id":"VCID-c1e6-tue3-8yce","summary":"aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22815","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05599","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22815","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22815"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454093","reference_id":"2454093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454093"},{"reference_url":"https://github.com/advisories/GHSA-w2fm-2cpv-w7v5","reference_id":"GHSA-w2fm-2cpv-w7v5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w2fm-2cpv-w7v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-22815","GHSA-w2fm-2cpv-w7v5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1e6-tue3-8yce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63870?format=json","vulnerability_id":"VCID-cvvb-x9jm-ubb8","summary":"aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34515.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34515.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34515","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06042","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34515"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:38:30Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:38:30Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:38:30Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34515","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34515"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454113","reference_id":"2454113","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454113"},{"reference_url":"https://github.com/advisories/GHSA-p998-jp59-783m","reference_id":"GHSA-p998-jp59-783m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p998-jp59-783m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34515","GHSA-p998-jp59-783m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvvb-x9jm-ubb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49567?format=json","vulnerability_id":"VCID-emmx-uxw4-bucv","summary":"AIOHTTP Vulnerable to Cookie Parser Warning Storm\nReading multiple invalid cookies can lead to a logging storm.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69230","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01329","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69230"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427255","reference_id":"2427255","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427255"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69230","reference_id":"CVE-2025-69230","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69230"},{"reference_url":"https://github.com/advisories/GHSA-fh55-r93g-j68g","reference_id":"GHSA-fh55-r93g-j68g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh55-r93g-j68g"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g","reference_id":"GHSA-fh55-r93g-j68g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73177?format=json","purl":"pkg:pypi/aiohttp@3.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3"}],"aliases":["CVE-2025-69230","GHSA-fh55-r93g-j68g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emmx-uxw4-bucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49583?format=json","vulnerability_id":"VCID-hwxf-hppk-r7c8","summary":"AIOHTTP vulnerable to  denial of service through large payloads\nA request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69228","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21369","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69228"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427254","reference_id":"2427254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427254"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69228","reference_id":"CVE-2025-69228","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69228"},{"reference_url":"https://github.com/advisories/GHSA-6jhg-hg63-jvvf","reference_id":"GHSA-6jhg-hg63-jvvf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6jhg-hg63-jvvf"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf","reference_id":"GHSA-6jhg-hg63-jvvf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5809","reference_id":"RHSA-2026:5809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6761","reference_id":"RHSA-2026:6761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6762","reference_id":"RHSA-2026:6762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6762"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73177?format=json","purl":"pkg:pypi/aiohttp@3.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3"}],"aliases":["CVE-2025-69228","GHSA-6jhg-hg63-jvvf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwxf-hppk-r7c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63867?format=json","vulnerability_id":"VCID-k3f4-wafv-3qgu","summary":"aiohttp: AIOHTTP: Denial of Service via large multipart form fields","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34517","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05391","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34517","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34517"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454095","reference_id":"2454095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454095"},{"reference_url":"https://github.com/advisories/GHSA-3wq7-rqq7-wx6j","reference_id":"GHSA-3wq7-rqq7-wx6j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3wq7-rqq7-wx6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34517","GHSA-3wq7-rqq7-wx6j"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3f4-wafv-3qgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63862?format=json","vulnerability_id":"VCID-k3nq-f446-bkas","summary":"aiohttp: aiohttp: Security bypass via multiple Host headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34525","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36974","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34525","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34525"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454096","reference_id":"2454096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454096"},{"reference_url":"https://github.com/advisories/GHSA-c427-h43c-vf67","reference_id":"GHSA-c427-h43c-vf67","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c427-h43c-vf67"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34525","GHSA-c427-h43c-vf67"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3nq-f446-bkas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49580?format=json","vulnerability_id":"VCID-m6u7-xssj-fffs","summary":"AIOHTTP's unicode processing of header values could cause parsing discrepancies\nThe Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69224","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14962","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427246","reference_id":"2427246","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427246"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69224","reference_id":"CVE-2025-69224","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69224"},{"reference_url":"https://github.com/advisories/GHSA-69f9-5gxw-wvc2","reference_id":"GHSA-69f9-5gxw-wvc2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69f9-5gxw-wvc2"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2","reference_id":"GHSA-69f9-5gxw-wvc2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73177?format=json","purl":"pkg:pypi/aiohttp@3.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3"}],"aliases":["CVE-2025-69224","GHSA-69f9-5gxw-wvc2"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6u7-xssj-fffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63868?format=json","vulnerability_id":"VCID-m7wa-qdpv-wuhj","summary":"aiohttp: AIOHTTP: Denial of Service via excessive multipart headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34516","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05599","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34516","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34516"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454112","reference_id":"2454112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454112"},{"reference_url":"https://github.com/advisories/GHSA-m5qp-6w8w-w647","reference_id":"GHSA-m5qp-6w8w-w647","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m5qp-6w8w-w647"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34516","GHSA-m5qp-6w8w-w647"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7wa-qdpv-wuhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49570?format=json","vulnerability_id":"VCID-msav-gwbq-bufr","summary":"AIOHTTP vulnerable to brute-force leak of internal static file path components\nPath normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the\nexistence of absolute path components.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69226","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21558","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427245","reference_id":"2427245","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427245"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69226","reference_id":"CVE-2025-69226","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69226"},{"reference_url":"https://github.com/advisories/GHSA-54jq-c3m8-4m76","reference_id":"GHSA-54jq-c3m8-4m76","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54jq-c3m8-4m76"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76","reference_id":"GHSA-54jq-c3m8-4m76","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73177?format=json","purl":"pkg:pypi/aiohttp@3.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3"}],"aliases":["CVE-2025-69226","GHSA-54jq-c3m8-4m76"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msav-gwbq-bufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63865?format=json","vulnerability_id":"VCID-myz5-wsnu-u7a5","summary":"aiohttp: aiohttp: Header injection vulnerability via reason parameter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34519","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17029","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34519","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34519"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454100","reference_id":"2454100","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454100"},{"reference_url":"https://github.com/advisories/GHSA-mwh4-6h8g-pg8w","reference_id":"GHSA-mwh4-6h8g-pg8w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mwh4-6h8g-pg8w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34519","GHSA-mwh4-6h8g-pg8w"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myz5-wsnu-u7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49577?format=json","vulnerability_id":"VCID-p12d-qx3n-cuav","summary":"AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb\nA zip bomb can be used to execute a DoS against the aiohttp server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69223","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17599","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427456","reference_id":"2427456","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427456"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69223","reference_id":"CVE-2025-69223","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69223"},{"reference_url":"https://github.com/advisories/GHSA-6mq8-rvhq-8wgg","reference_id":"GHSA-6mq8-rvhq-8wgg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mq8-rvhq-8wgg"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg","reference_id":"GHSA-6mq8-rvhq-8wgg","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1249","reference_id":"RHSA-2026:1249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1497","reference_id":"RHSA-2026:1497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1506","reference_id":"RHSA-2026:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1599","reference_id":"RHSA-2026:1599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1609","reference_id":"RHSA-2026:1609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2106","reference_id":"RHSA-2026:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2695","reference_id":"RHSA-2026:2695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6308","reference_id":"RHSA-2026:6308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6309","reference_id":"RHSA-2026:6309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6404","reference_id":"RHSA-2026:6404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6404"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73177?format=json","purl":"pkg:pypi/aiohttp@3.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3"}],"aliases":["CVE-2025-69223","GHSA-6mq8-rvhq-8wgg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p12d-qx3n-cuav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49563?format=json","vulnerability_id":"VCID-qh9b-wf9z-13d2","summary":"AIOHTTP has unicode match groups in regexes for ASCII protocol elements\nThe parser allows non-ASCII decimals to be present in the Range header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69225","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12707","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427253","reference_id":"2427253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427253"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69225","reference_id":"CVE-2025-69225","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69225"},{"reference_url":"https://github.com/advisories/GHSA-mqqc-3gqh-h2x8","reference_id":"GHSA-mqqc-3gqh-h2x8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqqc-3gqh-h2x8"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8","reference_id":"GHSA-mqqc-3gqh-h2x8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73177?format=json","purl":"pkg:pypi/aiohttp@3.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3"}],"aliases":["CVE-2025-69225","GHSA-mqqc-3gqh-h2x8"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh9b-wf9z-13d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63873?format=json","vulnerability_id":"VCID-w4mr-q1jr-1qfp","summary":"aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34513","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05599","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34513","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34513"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454107","reference_id":"2454107","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454107"},{"reference_url":"https://github.com/advisories/GHSA-hcc4-c3v8-rx92","reference_id":"GHSA-hcc4-c3v8-rx92","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hcc4-c3v8-rx92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110334?format=json","purl":"pkg:pypi/aiohttp@3.13.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.4"}],"aliases":["CVE-2026-34513","GHSA-hcc4-c3v8-rx92"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4mr-q1jr-1qfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49582?format=json","vulnerability_id":"VCID-xgmx-6qmw-7ugn","summary":"AIOHTTP vulnerable to DoS through chunked messages\nHandling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69229","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13073","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69229"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427257","reference_id":"2427257","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427257"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69229","reference_id":"CVE-2025-69229","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69229"},{"reference_url":"https://github.com/advisories/GHSA-g84x-mcqj-x9qq","reference_id":"GHSA-g84x-mcqj-x9qq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g84x-mcqj-x9qq"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq","reference_id":"GHSA-g84x-mcqj-x9qq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73177?format=json","purl":"pkg:pypi/aiohttp@3.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.13.3"}],"aliases":["CVE-2025-69229","GHSA-g84x-mcqj-x9qq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgmx-6qmw-7ugn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57651?format=json","vulnerability_id":"VCID-yr3u-3vzh-1yhq","summary":"AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections\nThe Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53643","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62568","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336","reference_id":"1109336","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380000","reference_id":"2380000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380000"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53643","reference_id":"CVE-2025-53643","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53643"},{"reference_url":"https://github.com/advisories/GHSA-9548-qrrj-x5pj","reference_id":"GHSA-9548-qrrj-x5pj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9548-qrrj-x5pj"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj","reference_id":"GHSA-9548-qrrj-x5pj","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22759","reference_id":"RHSA-2025:22759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22759"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22939","reference_id":"RHSA-2025:22939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22944","reference_id":"RHSA-2025:22944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23531","reference_id":"RHSA-2025:23531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1249","reference_id":"RHSA-2026:1249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1506","reference_id":"RHSA-2026:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2760","reference_id":"RHSA-2026:2760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2760"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85743?format=json","purl":"pkg:pypi/aiohttp@3.12.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-8y5k-1ax1-ykhs"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-emmx-uxw4-bucv"},{"vulnerability":"VCID-hwxf-hppk-r7c8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m6u7-xssj-fffs"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-msav-gwbq-bufr"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-p12d-qx3n-cuav"},{"vulnerability":"VCID-qh9b-wf9z-13d2"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"},{"vulnerability":"VCID-xgmx-6qmw-7ugn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.12.14"}],"aliases":["CVE-2025-53643","GHSA-9548-qrrj-x5pj"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr3u-3vzh-1yhq"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56231?format=json","vulnerability_id":"VCID-fxy2-3923-a7gf","summary":"aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method\nA memory leak can occur when a request produces a `MatchInfoError`. This was caused by adding an entry to a cache on each request, due to the building of each `MatchInfoError` producing a unique cache entry.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52303.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52303","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62338","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52303"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:39:25Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088108","reference_id":"1088108","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327123","reference_id":"2327123","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327123"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52303","reference_id":"CVE-2024-52303","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52303"},{"reference_url":"https://github.com/advisories/GHSA-27mf-ghqm-j3j8","reference_id":"GHSA-27mf-ghqm-j3j8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-27mf-ghqm-j3j8"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-27mf-ghqm-j3j8","reference_id":"GHSA-27mf-ghqm-j3j8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:39:25Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-27mf-ghqm-j3j8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83284?format=json","purl":"pkg:pypi/aiohttp@3.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-8y5k-1ax1-ykhs"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-emmx-uxw4-bucv"},{"vulnerability":"VCID-hwxf-hppk-r7c8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m6u7-xssj-fffs"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-msav-gwbq-bufr"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-p12d-qx3n-cuav"},{"vulnerability":"VCID-qh9b-wf9z-13d2"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"},{"vulnerability":"VCID-xgmx-6qmw-7ugn"},{"vulnerability":"VCID-yr3u-3vzh-1yhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.11"}],"aliases":["CVE-2024-52303","GHSA-27mf-ghqm-j3j8"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxy2-3923-a7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56224?format=json","vulnerability_id":"VCID-qyz8-8vv1-6kgc","summary":"aiohttp allows request smuggling due to incorrect parsing of chunk extensions\nThe Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52304","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62299","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109","reference_id":"1088109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327130","reference_id":"2327130","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327130"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52304","reference_id":"CVE-2024-52304","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52304"},{"reference_url":"https://github.com/advisories/GHSA-8495-4g3g-x7pr","reference_id":"GHSA-8495-4g3g-x7pr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8495-4g3g-x7pr"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr","reference_id":"GHSA-8495-4g3g-x7pr","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10766","reference_id":"RHSA-2024:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11574","reference_id":"RHSA-2024:11574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0340","reference_id":"RHSA-2025:0340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0341","reference_id":"RHSA-2025:0341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0722","reference_id":"RHSA-2025:0722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0753","reference_id":"RHSA-2025:0753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1101","reference_id":"RHSA-2025:1101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1101"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7642-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83284?format=json","purl":"pkg:pypi/aiohttp@3.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3v2v-g9dz-q7hu"},{"vulnerability":"VCID-7b59-eb63-tfcf"},{"vulnerability":"VCID-8mb3-gafx-8qaz"},{"vulnerability":"VCID-8y5k-1ax1-ykhs"},{"vulnerability":"VCID-c1e6-tue3-8yce"},{"vulnerability":"VCID-cvvb-x9jm-ubb8"},{"vulnerability":"VCID-emmx-uxw4-bucv"},{"vulnerability":"VCID-hwxf-hppk-r7c8"},{"vulnerability":"VCID-k3f4-wafv-3qgu"},{"vulnerability":"VCID-k3nq-f446-bkas"},{"vulnerability":"VCID-m6u7-xssj-fffs"},{"vulnerability":"VCID-m7wa-qdpv-wuhj"},{"vulnerability":"VCID-msav-gwbq-bufr"},{"vulnerability":"VCID-myz5-wsnu-u7a5"},{"vulnerability":"VCID-p12d-qx3n-cuav"},{"vulnerability":"VCID-qh9b-wf9z-13d2"},{"vulnerability":"VCID-w4mr-q1jr-1qfp"},{"vulnerability":"VCID-xgmx-6qmw-7ugn"},{"vulnerability":"VCID-yr3u-3vzh-1yhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.11"}],"aliases":["CVE-2024-52304","GHSA-8495-4g3g-x7pr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyz8-8vv1-6kgc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.11"}