{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","type":"deb","namespace":"debian","name":"python-aiohttp","version":"3.8.4-1+deb12u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.13.5-1","latest_non_vulnerable_version":"3.13.5-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267391?format=json","vulnerability_id":"VCID-19q4-vzzb-8uca","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34519","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11693","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1165","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11778","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11732","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13732","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13791","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18268","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059"
,"scoring_system":"epss","scoring_elements":"0.18323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18375","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18422","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18423","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1837","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/"}],"url":"https://github.com/aio-libs/aiohttp
/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34519","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34519"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454100","reference_id":"2454100","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454100"},{"reference_url":"https://github.com/advisori
es/GHSA-mwh4-6h8g-pg8w","reference_id":"GHSA-mwh4-6h8g-pg8w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwh4-6h8g-pg8w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-34519","GHSA-mwh4-6h8g-pg8w"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19q4-vzzb-8uca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267385?format=json","vulnerability_id":"VCID-5f1f-mrwv-zucz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34513","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.122","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16263","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16369","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16335","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16315","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00
052","scoring_system":"epss","scoring_elements":"0.16386","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16441","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16259","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.165","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16446","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system"
:"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34513","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34513"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454107","reference_id":"2454107","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454107"},{"reference_url":"https://github.com/advisories/GHSA-hcc4-c3v8-rx92",
"reference_id":"GHSA-hcc4-c3v8-rx92","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcc4-c3v8-rx92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-34513","GHSA-hcc4-c3v8-rx92"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f1f-mrwv-zucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267388?format=json","vulnerability_id":"VCID-cg9h-fysf-xygf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34516","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11462","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.122","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15325","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1543","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","
scoring_elements":"0.15468","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15418","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16335","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16259","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16263","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16369","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16315","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16218","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6
c5a6f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647"},{"reference_url":"https://nvd.nist.gov/v
uln/detail/CVE-2026-34516","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34516"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454112","reference_id":"2454112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454112"},{"reference_url":"https://github.com/advisories/GHSA-m5qp-6w8w-w647","reference_id":"GHSA-m5qp-6w8w-w647","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m5qp-6w8w-w647"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-34516","GHSA-m5qp-6w8w-w647"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cg9h-fysf-xygf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20734?format=json","vulnerability_id":"VCID-d3pa-kwgz-vuag","summary":"AIOHTTP vulnerable to  denial of service through large payloads\n### Summary\nA request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.\n\n### Impact\nIf an application includes a handler that uses 
the `Request.post()` method, an attacker may be able to freeze the server by exhausting the memory.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69228","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1943","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19467","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19584","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19572","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19637","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19835","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19689","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19782","published_at":"2026-04-02T12:55:00Z
"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19695","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69228"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"
cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69228","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69228"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427254","reference_id":"2427254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427254"},{"reference_url":"https://github.com/advisories/GHSA-6jhg-hg63-jvvf","reference_id":"GHSA-6jhg-hg63-jvvf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6jhg-hg63-jvvf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5809","reference_id":"RHSA-2026:5809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6761","reference_id":"RHSA-2026:6761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6761"},{"reference_url":"http
s://access.redhat.com/errata/RHSA-2026:6762","reference_id":"RHSA-2026:6762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6762"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-69228","GHSA-6jhg-hg63-jvvf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3pa-kwgz-vuag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267390?format=json","vulnerability_id":"VCID-drqp-x9gc-2qd3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34518","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11175","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11236","published_at":"2026-04-26T12:55:00Z"},{
"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11208","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11277","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11337","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.122","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16325","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16386","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.165","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16441","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","referenc
e_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9"},{"reference_url":"https
://nvd.nist.gov/vuln/detail/CVE-2026-34518","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34518"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454098","reference_id":"2454098","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454098"},{"reference_url":"https://github.com/advisories/GHSA-966j-vmvw-g2g9","reference_id":"GHSA-966j-vmvw-g2g9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-966j-vmvw-g2g9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-34518","GHSA-966j-vmvw-g2g9"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drqp-x9gc-2qd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16060?format=json","vulnerability_id":"VCID-ekqy-23wg-5ugu","summary":"In aiohttp, compressed files as symlinks are not protected from path traversal\n### Summary\nStatic routes which contain files with compressed variants (`.gz` or `.br` extension) were vulnerable to path traversal outside the root directory if those variants are symbolic links.\n\n### Details\nThe server protects static routes from path traversal outside 
the root directory when `follow_symlinks=False` (default).  It does this by resolving the requested URL to an absolute path and then checking that path relative to the root.  However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing `Path.stat()` and `Path.open()` to send the file.\n\n### Impact\nServers with static routes that contain compressed variants as symbolic links, pointing outside the root directory, or that permit users to upload or create such links, are impacted.\n\n----\n\nPatch: https://github.com/aio-libs/aiohttp/pull/8653/files","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42367.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42367.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42367","reference_id":"","reference_type":"","scores":[{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57586","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57607","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57587","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57629","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57655","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57665","published_at":"
2026-04-11T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5765","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57593","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57618","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57646","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57597","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42367"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N
/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/"}],"url":"https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177"},{"reference_url":"https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/"}],"url":"https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8653","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textua
l","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/"}],"url":"https://github.com/aio-libs/aiohttp/pull/8653"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42367","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304394","reference_id":"2304394","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304394"},{"reference_url":"https://github.com/advisories/GHSA-jwhx-xcg6-8xhj","reference_id":"GHSA-jwhx-xcg6-8xhj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jwhx-xcg6-8xhj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994964?format=json","purl":"pkg:deb/debi
an/python-aiohttp@3.11.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1"}],"aliases":["CVE-2024-42367","GHSA-jwhx-xcg6-8xhj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekqy-23wg-5ugu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20094?format=json","vulnerability_id":"VCID-ft9z-nd6x-27dz","summary":"AIOHTTP has Unicode match groups in regexes for ASCII protocol elements\n### Summary\n\nThe parser allows non-ASCII decimal digits to be present in the Range header.\n\n### Impact\n\nThere is no known impact, but it is possible that this could be used to exploit a request smuggling vulnerability.\n\n----\n\nPatch: 
https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69225","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1391","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13936","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13935","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14126","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13932","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14014","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14022","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13985","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13905","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13833","published_at":"2026-04-18T12:55:00Z"},{"val
ue":"0.00045","scoring_system":"epss","scoring_elements":"0.13839","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"gen
eric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69225","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69225"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427253","reference_id":"2427253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427253"},{"reference_url":"https://github.com/advisories/GHSA-mqqc-3gqh-h2x8","reference_id":"GHSA-mqqc-3gqh-h2x8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqqc-3gqh-h2x8"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-69225","GHSA-mqqc-3gqh-h2x8"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","reso
urce_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ft9z-nd6x-27dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267393?format=json","vulnerability_id":"VCID-g4rj-1kzy-pkft","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34525","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24814","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24852","published_at":"2026-04-04T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27783","published_at":"2026-04-12T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27825","published_at":"2026-04-11T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2782","published_at":"2026-04-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27777","published_at":"2026-04-08T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27709","published_at":"2026-04-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27734","published_at":"2026-04-16T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27726","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30498","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30894","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3086","published_at":"2026-04-21T12:55:00Z"}
,{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30698","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30582","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.c
om/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34525","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34525"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454096","reference_id":"2454096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454096"},{"reference_url":"https://github.com/advisories/GHSA-c427-h43c-vf67","reference_id":"GHSA-c427-h43c-vf67","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c427-
h43c-vf67"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-34525","GHSA-c427-h43c-vf67"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4rj-1kzy-pkft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267389?format=json","vulnerability_id":"VCID-hyh4-58xy-xfge","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34517","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.122","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15744","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15753","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15796","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15817","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15814","published_at":"2026-04-26T12:55:00Z"},
{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16441","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.165","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16386","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs
/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34517","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34517"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454095","reference_id":"2454095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454095"},{"reference_url":"https://github.com/advisories/GHSA-3wq7-rqq7-wx6j","reference_id":"GHSA-3wq7-rqq7-wx6j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wq7-rqq7-wx6j"}],"fixed_pack
ages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-34517","GHSA-3wq7-rqq7-wx6j"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyh4-58xy-xfge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12062?format=json","vulnerability_id":"VCID-jxqg-x9dh-z3hb","summary":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input.  Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. 
Version 3.9.2 fixes this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23829","reference_id":"","reference_type":"","scores":[{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64834","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64847","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64816","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.6659","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66588","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66617","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66674","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.6666","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66624","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66669","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.6665","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring
_elements":"0.66636","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/3235","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:
N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/3235"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8074","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://github.com/aio-libs/aiohttp/pull/8074"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8074/files","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/8074/files"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A
/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_el
ements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23829","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system"
:"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708","reference_id":"1062708","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261909","reference_id":"2261909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261909"},{"reference_url":"https://github.com/advisories/GHSA-8qpw-xqxj-h4r2","reference_id":"GHSA-8qpw-xqxj-h4r2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qpw-xqxj-h4r2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/","reference_id":"ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7642-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994964?format=json","purl":"pkg:deb/debian/python-aiohttp@3.11.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fys
f-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1"}],"aliases":["CVE-2024-23829","GHSA-8qpw-xqxj-h4r2","PYSEC-2024-26"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxqg-x9dh-z3hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29889?format=json","vulnerability_id":"VCID-k122-7d38-2ug5","summary":"AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections\n### Summary\nThe Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request.\n\n### Impact\nIf a pure Python version of aiohttp is installed (i.e. 
without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.\n\n----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53643","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23245","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23152","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23078","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24852","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24858","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24847","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24901","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.2494","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24925","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24716","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00086","sco
ring_system":"epss","scoring_elements":"0.24762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24773","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.2483","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"
cvssv3.1_qr","scoring_elements":""},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53643","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53643"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336","reference_id":"1109336","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380000","reference_id":"2380000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380000"},{"reference_url":"https://github.com/advisories/GHSA-9548-qrrj-x5pj","reference_id":"GHSA-9548-qrrj-x5pj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9548-qrrj-x5pj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22759","reference_id":"RHSA-2025:22759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22759"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22939","reference_id":"RHSA-2025:22939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22944","reference_id":"RHSA-2025:22944","reference_type":"","scores":[],"url":"
https://access.redhat.com/errata/RHSA-2025:22944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23531","reference_id":"RHSA-2025:23531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1249","reference_id":"RHSA-2026:1249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1506","reference_id":"RHSA-2026:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2760","reference_id":"RHSA-2026:2760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2760"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-53643","GHSA-9548-qrrj-x5pj"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k122-7d38-2ug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267347?format=json","vulnerability_id":"VCID-kf4p-q9n9-ayhn","summary":"","references":
[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22815","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11462","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.122","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16263","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16369","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16335","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16315","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16346","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16259","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16475","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16491","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16375","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16436","published_at":"2026-04-12T12:55:
00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"valu
e":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22815","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22815"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454093","reference_id":"2454093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454093"},{"reference_url":"https://github.com/advisories/GHSA-w2fm-2cpv-w7v5","reference_id":"GHSA-w2fm-2cpv-w7v5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.co
m/advisories/GHSA-w2fm-2cpv-w7v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-22815","GHSA-w2fm-2cpv-w7v5"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kf4p-q9n9-ayhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20615?format=json","vulnerability_id":"VCID-peyu-fxyx-ayde","summary":"AIOHTTP vulnerable to DoS through chunked messages\n### Summary\n\nHandling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks.\n\n### Impact\n\nIf an application makes use of the `request.read()` method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. 
This could potentially lead to DoS as the server would be unable to handle other requests during that time.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712\nPatch: https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69229","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16113","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16152","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16154","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16223","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16204","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16268","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16336","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16243","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16328","published_at":"2026-04-08T12:55:00Z"},{"value
":"0.00052","scoring_system":"epss","scoring_elements":"0.16454","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16391","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69229"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712","reference_id":"","reference_type":"","scores"
:[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69229","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69229"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427257","reference_id":"2427257","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427257"},{"reference_url":"https://github.com/advisories/GHSA-g84x-mcqj-x9qq","reference_id":"GHSA-g84x-mcqj-x9qq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g84x-mcqj-x9qq"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","sco
res":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-69229","GHSA-g84x-mcqj-x9qq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-peyu-fxyx-ayde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20124?format=json","vulnerability_id":"VCID-qrus-4szm-c3bj","summary":"AIOHTTP's unicode processing of header values could cause parsing discrepancies\n### Summary\nThe Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters.\n\n### Impact\nIf a pure Python version of aiohttp is installed (i.e. 
without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.\n\n------\n\nPatch: https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69224","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13124","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13228","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13256","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13251","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13164","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13165","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13259","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13308","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13243","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13325","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13447","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","
scoring_system":"epss","scoring_elements":"0.13383","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13376","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0"},{"reference_url":"https://github.com/aio-libs
/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69224","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69224"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427246","reference_id":"2427246","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427246"},{"reference_url":"https://github.com/advisories/GHSA-69f9-5gxw-wvc2","reference_id":"GHSA-69f9-5gxw-wvc2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69f9-5gxw-wvc2"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"
vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-69224","GHSA-69f9-5gxw-wvc2"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrus-4szm-c3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267386?format=json","vulnerability_id":"VCID-qt9z-6kwe-wbht","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34514","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1165","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11693","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11694","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11732","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11778","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13732","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13791","publis
hed_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18375","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18423","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1837","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18422","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"
value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34514","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34514"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454102","r
eference_id":"2454102","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454102"},{"reference_url":"https://github.com/advisories/GHSA-2vrm-gr82-f7m5","reference_id":"GHSA-2vrm-gr82-f7m5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vrm-gr82-f7m5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-34514","GHSA-2vrm-gr82-f7m5"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qt9z-6kwe-wbht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20725?format=json","vulnerability_id":"VCID-sjws-ddnq-fke2","summary":"AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb\n### Summary\nA zip bomb can be used to execute a DoS against the aiohttp server.\n\n### Impact\nAn attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory.\n\n------\n\nPatch: 
https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69223","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1943","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19467","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19584","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19572","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19637","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19835","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19689","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19782","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19646","published_at":"2026-04-12T12:55:00Z"},{"val
ue":"0.00063","scoring_system":"epss","scoring_elements":"0.19695","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scor
ing_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69223","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69223"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427456","reference_id":"2427456","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427456"},{"reference_url":"https://github.com/advisories/GHSA-6mq8-rvhq-8wgg","reference_id":"GHSA-6mq8-rvhq-8wgg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mq8-rvhq-8wgg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1249","reference_id":"RHSA-2026:1249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1497","reference_id":"RHSA-2026:1497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1506","reference_id":"RHSA-2026:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:
1599","reference_id":"RHSA-2026:1599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1609","reference_id":"RHSA-2026:1609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2106","reference_id":"RHSA-2026:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2695","reference_id":"RHSA-2026:2695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:
3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6308","reference_id":"RHSA-2026:6308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6309","reference_id":"RHSA-2026:6309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6404","reference_id":"RHSA-2026:6404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6404"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-69223","GHSA-6mq8-rvhq-8wgg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjws-ddnq-fke2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20527?format=json","vulnerability_id":"VCID-t9gx-etxx-vkgb","summary":"AIOHTTP vulnerable to DoS when bypassing asserts\n### Summary\nWhen assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body.\n\n### Impact\nIf optimisations are enabled (`-O` or `PYTHONOPTIMIZE=1`), and the application includes a 
handler that uses the `Request.post()` method, then an attacker may be able to execute a DoS attack with a specially crafted message.\n\n------\n\nPatch: https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69227","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1943","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19467","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19584","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19572","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19637","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19835","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19689","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19782","
published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19695","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""
},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69227","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69227"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427256","reference_id":"2427256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427256"},{"reference_url":"https://github.com/advisories/GHSA-jj3x-wxrx-4x23","reference_id":"GHSA-jj3x-wxrx-4x23","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jj3x-wxrx-4x23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5809","reference_id":"RHSA-2026:5809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6761","reference_id":"RHSA-2026:6761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA
-2026:6761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6762","reference_id":"RHSA-2026:6762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6762"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-69227","GHSA-jj3x-wxrx-4x23"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9gx-etxx-vkgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267392?format=json","vulnerability_id":"VCID-tmjw-8cdt-7yf7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34520","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13027","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13732","publ
ished_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17325","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17329","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17387","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17441","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17488","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17476","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17416","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17799","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17948","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17912","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17836","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17858","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-
libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"LOW","scori
ng_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34520","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34520"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582","reference_id":"1132582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454094","reference_id":"2454094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454094"},{"reference_url":"https://github.com/advisories/GHSA-63hf-3vf5-4wqf","reference_id":"GHSA-63hf-3vf5-4wqf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-63hf-3vf5-4wqf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088967?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1"}],"aliases":["CVE-2026-34520","GHSA-63hf-3vf5-4wqf"],"risk_score":4.1,"exploitability":"0.5","weighted_se
verity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmjw-8cdt-7yf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13026?format=json","vulnerability_id":"VCID-tn28-662n-vug8","summary":"aiohttp Cross-site Scripting vulnerability on index pages for static file handling\n### Summary\n\nA XSS vulnerability exists on index pages for static file handling.\n\n### Details\n\nWhen using `web.static(..., show_index=True)`, the resulting index pages do not escape file names.\n\nIf users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks.\n\n### Workaround\n\nWe have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected.\n\nOther users can disable `show_index` if unable to upgrade.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/pull/8319/files","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27306","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69288","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6934","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72284","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72288","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00749","scoring_system":"eps
s","scoring_elements":"0.73167","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73158","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73117","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73103","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73115","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73121","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73141","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397","referen
ce_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8319","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://github.com/aio-libs/aiohttp/pull/8319"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8319/files","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/8319/files"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":
"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27306","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_
system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27306"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665","reference_id":"1070665","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275989","reference_id":"2275989","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275989"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/","reference_id":"2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/"},{"reference_url":"https://github.com/advisories/GHSA-7gpw-8wmc-pm8g","reference_id":"GHSA-7gpw-8wmc-pm8g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gpw-8wmc-pm8g"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/","reference_id":"NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-a
nnounce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3781","reference_id":"RHSA-2024:3781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5662","reference_id":"RHSA-2024:5662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7642-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/","reference_id":"ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994964?format=json","purl":"pkg:deb/debian/python-aiohttp@3.11.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"V
CID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1"}],"aliases":["CVE-2024-27306","GHSA-7gpw-8wmc-pm8g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn28-662n-vug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10702?format=json","vulnerability_id":"VCID-ttq3-65ny-skdg","summary":"aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser\n### Impact\n\naiohttp v3.8.4 and earlier are [bundled with llhttp v6.0.6](https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules) which is vulnerable to CVE-2023-30589. 
The vulnerable code is used by aiohttp for its HTTP request parser when available, which is the default case when installing from a wheel.\n\nThis vulnerability only affects users of aiohttp as an HTTP server (i.e. `aiohttp.Application`); you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (i.e. `aiohttp.ClientSession`).\n\n### Reproducer\n\n```python\nfrom aiohttp import web\n\nasync def example(request: web.Request):\n    headers = dict(request.headers)\n    body = await request.content.read()\n    return web.Response(text=f\"headers: {headers} body: {body}\")\n\napp = web.Application()\napp.add_routes([web.post('/', example)])\nweb.run_app(app)\n```\n\nSending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values, leading to HTTP request smuggling.\n\n```console\n$ printf \"POST / HTTP/1.1\\r\\nHost: localhost:8080\\r\\nX-Abc: \\rxTransfer-Encoding: chunked\\r\\n\\r\\n1\\r\\nA\\r\\n0\\r\\n\\r\\n\" \\\n  | nc localhost 8080\n\nExpected output:\n  headers: {'Host': 'localhost:8080', 'X-Abc': '\\rxTransfer-Encoding: chunked'} body: b''\n\nActual output (note that 'Transfer-Encoding: chunked' is an HTTP header now and body is treated differently)\n  headers: {'Host': 'localhost:8080', 'X-Abc': '', 'Transfer-Encoding': 'chunked'} body: b'A'\n```\n\n### Patches\n\nUpgrade to the latest version of aiohttp to resolve this vulnerability. It has been fixed in v3.8.5: [`pip install \"aiohttp>=3.8.5\"`](https://pypi.org/project/aiohttp/3.8.5/)\n\n### Workarounds\n\nIf you aren't able to upgrade, you can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. 
The pure Python implementation isn't vulnerable to request smuggling:\n\n```console\n$ python -m pip uninstall --yes aiohttp\n$ AIOHTTP_NO_EXTENSIONS=1 python -m pip install --no-binary=aiohttp --no-cache aiohttp\n```\n\n### References\n\n* https://nvd.nist.gov/vuln/detail/CVE-2023-30589\n* https://hackerone.com/reports/2001873","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37276.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37276.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37276","reference_id":"","reference_type":"","scores":[{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.9048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90509","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90498","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90481","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90474","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90462","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90456","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05775","scoring_system":"epss","scoring_elements":"0.90444","published_at":"2026
-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37276"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/"}],"url":"https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_sy
stem":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-120.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-databas
e/tree/main/vulns/aiohttp/PYSEC-2023-120.yaml"},{"reference_url":"https://hackerone.com/reports/2001873","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/"}],"url":"https://hackerone.com/reports/2001873"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37276","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37276"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224185","reference_id":"2224185","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224185"},{"reference_url":"https://github.com/advisories/GHSA-45c4-8wx5-qw6w","reference_id":"GHSA-45c4-8wx5-qw6w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45c4-8wx5-qw6w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994964?format=json","purl":"pkg:deb/debian/python-aiohttp@3.11.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8u
ca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1"}],"aliases":["CVE-2023-37276","GHSA-45c4-8wx5-qw6w","PYSEC-2023-120"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttq3-65ny-skdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20366?format=json","vulnerability_id":"VCID-vqvz-jfqh-jkaz","summary":"AIOHTTP vulnerable to brute-force leak of internal static file path components\n### Summary\nPath normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the\nexistence of absolute path components.\n\n### Impact\nIf an application uses `web.static()` (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components.\n\n------\n\nPatch: 
https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69226","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19575","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19611","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19625","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1973","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19718","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19716","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19982","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1984","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19788","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19708","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19927","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19798","published_at":"2026-04-12T12:55:00Z"},{"valu
e":"0.00063","scoring_system":"epss","scoring_elements":"0.19843","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4",
"scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69226","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69226"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427245","reference_id":"2427245","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427245"},{"reference_url":"https://github.com/advisories/GHSA-54jq-c3m8-4m76","reference_id":"GHSA-54jq-c3m8-4m76","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54jq-c3m8-4m76"},{"reference_url":"https://usn.ubuntu.com/8032-1/","reference_id":"USN-8032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8032-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerab
ility":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-69226","GHSA-54jq-c3m8-4m76"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqvz-jfqh-jkaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20612?format=json","vulnerability_id":"VCID-zm3a-mf2z-xfcm","summary":"AIOHTTP Vulnerable to Cookie Parser Warning Storm\n### Summary\nReading multiple invalid cookies can lead to a logging storm.\n\n### Impact\nIf the ``cookies`` attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.\n\n----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69230","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02675","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02618","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02629","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02528","published_at":"2026-04
-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02546","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02572","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02543","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02551","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02541","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02529","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02554","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69230"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69230","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69230"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/
SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69230","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69230"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427255","reference_id":"2427255","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427255"},{"reference_url":"https://github.com/advisories/GHSA-fh55-r93g-j68g","reference_id":"GHSA-fh55-r93g-j68g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh55-r93g-j68g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994965?format=json","purl":"pkg:deb/debian/python-aiohttp@3.13.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vuln
erability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3"}],"aliases":["CVE-2025-69230","GHSA-fh55-r93g-j68g"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zm3a-mf2z-xfcm"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11528?format=json","vulnerability_id":"VCID-bcuu-jvzt-6fhn","summary":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. 
This issue has been patched in version 3.9.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49081.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49081.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49081","reference_id":"","reference_type":"","scores":[{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63902","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63928","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63886","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63983","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63985","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63973","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63965","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63937","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63955","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63967","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63953","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.6392","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49081","referenc
e_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49081"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N
/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/7835/files","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/7835/files"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-250.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_element
s":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-250.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057163
","reference_id":"1057163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057163"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252235","reference_id":"2252235","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252235"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49081","reference_id":"CVE-2023-49081","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49081"},{"reference_url":"https://github.com/advisories/GHSA-q3qx-c6g2-7pw2","reference_id":"GHSA-q3qx-c6g2-7pw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3qx-c6g2-7pw2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1057","reference_id":"RHSA-2024:1057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7642-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-dr
qp-x9gc-2qd3"},{"vulnerability":"VCID-ekqy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"}],"aliases":["CVE-2023-49081","GHSA-q3qx-c6g2-7pw2","PYSEC-2023-250"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuu-jvzt-6fhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19459?format=json","vulnerability_id":"VCID-bhkk-2b7c-wfgr","summary":"aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests\n### Summary\nAn attacker can send a specially crafted POST (multipart/form-data) request. 
When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests.\n\n### Impact\nAn attacker can stop the application from serving requests after sending a single request.\n\n-------\n\nFor anyone needing to patch older versions of aiohttp, the minimum diff needed to resolve the issue is (located in `_read_chunk_from_length()`):\n\n```diff\ndiff --git a/aiohttp/multipart.py b/aiohttp/multipart.py\nindex 227be605c..71fc2654a 100644\n--- a/aiohttp/multipart.py\n+++ b/aiohttp/multipart.py\n@@ -338,6 +338,8 @@ class BodyPartReader:\n         assert self._length is not None, \"Content-Length required for chunked read\"\n         chunk_size = min(size, self._length - self._read_bytes)\n         chunk = await self._content.read(chunk_size)\n+        if self._content.at_eof():\n+            self._at_eof = True\n         return chunk\n \n     async def _read_chunk_from_stream(self, size: int) -> bytes:\n```\n\nThis does however introduce some very minor issues with handling form data. 
So, if possible, it would be recommended to also backport the changes in:\nhttps://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19\nhttps://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597\nhttps://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30251.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30251.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30251","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56051","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55973","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55998","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58147","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58159","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58097","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58123","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58101","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58171","published_at":"2026
-04-11T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58155","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58151","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30251"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30251","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30251"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scorin
g_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30251","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/A
V:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30251"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/05/02/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/05/02/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070364","reference_id":"1070364","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070364"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278710","reference_id":"2278710","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278710"},{"reference_url":"https://github.com/advisories/GHSA-5m98-qgg9-wh84","reference_id":"GHSA-5m98-qgg9-wh84","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m98-qgg9-wh84"},{"reference_url":"https://security.gentoo.org/glsa/202408-11","reference_id":"GLSA-202408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3781","reference_id":"RHSA-2024:3781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"url":"https://usn
.ubuntu.com/7642-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ekqy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"}],"aliases":["CVE-2024-30251","GHSA-5m98-qgg9-wh84"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhkk-2b7c-wfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12062?format=json","vulnerability_id":"VCID-jxqg-x9dh-z3hb","summary":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. 
Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input.  Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23829","reference_id":"","reference_type":"","scores":[{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64834","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64847","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64816","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.6659","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66588","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66617","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66674","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.6666","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","sco
ring_elements":"0.66624","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66669","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.6665","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66636","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_te
xtual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/3235","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/3235"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8074","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://github.com/aio-libs/aiohttp/pull/8074"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8074/files","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/8074/files"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_syste
m":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N
/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fed
oraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23829","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708","reference_id":"1062708","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261909","reference_id":"2261909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261909"},{"reference_url":"https://github.com/advisories/GHSA-8qpw-xqxj-h4r2","reference_id":"GHSA-8qpw-xqxj-h4r2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qpw-xqxj-h4r2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/","reference_id":"ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"refere
nce_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7642-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ekqy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994964?format=json","purl":"pkg:deb/debian/python-aiohttp@3.11.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerab
ility":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1"}],"aliases":["CVE-2024-23829","GHSA-8qpw-xqxj-h4r2","PYSEC-2024-26"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxqg-x9dh-z3hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11494?format=json","vulnerability_id":"VCID-pmr9-w1fc-93cm","summary":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. 
There are no known workarounds for these issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47627.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47627.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47627","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46985","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.46937","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49252","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49307","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49303","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49295","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49321","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49271","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49298","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49342","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49346","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=C
VE-2023-47627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47627"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.8.6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/A
C:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.8.6"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-246.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-246.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4",
"scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_sy
stem":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249825","reference_id":"2249825","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249825"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47627","reference_id":"CVE-2023-47627","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47627"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/","reference_id":"FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/"},{"reference_url":"https://github.com/advisories/GHSA-gfw2-4jvh-wgfg","reference_id":"GHSA-gfw2-4jvh-wgfg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfw2-4jvh-wgfg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1057","reference_id":"RHSA-2024:1057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","r
eference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7642-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/","reference_id":"VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/","reference_id":"WQYQL6WV535EEKSNH7KRARLLMOW5WXDM","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ekqy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability
":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"}],"aliases":["CVE-2023-47627","GHSA-gfw2-4jvh-wgfg","PYSEC-2023-246"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmr9-w1fc-93cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12086?format=json","vulnerability_id":"VCID-pqus-ew4j-k7da","summary":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present.  Disabling follow_symlinks and using a reverse proxy are encouraged mitigations.  
Version 3.9.2 fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23334.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23334.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23334","reference_id":"","reference_type":"","scores":[{"value":"0.93482","scoring_system":"epss","scoring_elements":"0.99823","published_at":"2026-04-16T12:55:00Z"},{"value":"0.93482","scoring_system":"epss","scoring_elements":"0.99822","published_at":"2026-04-11T12:55:00Z"},{"value":"0.93482","scoring_system":"epss","scoring_elements":"0.99828","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93482","scoring_system":"epss","scoring_elements":"0.99821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.93482","scoring_system":"epss","scoring_elements":"0.99827","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93482","scoring_system":"epss","scoring_elements":"0.99826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93482","scoring_system":"epss","scoring_elements":"0.99825","published_at":"2026-04-21T12:55:00Z"},{"value":"0.93482","scoring_system":"epss","scoring_elements":"0.99824","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"
https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8079","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/"}],"url":"https://github.com/aio-libs/aiohttp/pull/8079"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/807
9/files","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/8079/files"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-24.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-24.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv
3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elem
ents":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23334","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23334"},{"reference_url":"https://www.exploit-db.com/exploits/52474","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/52474"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062709","reference_id":"1062709","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261887","reference_id":"2261887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261887"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/52474.txt","reference_id":"CVE-2024-23334","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/52474.txt"},{"reference_url":"https://github.com/advisories/GHSA-5h86-
8mv2-jq9f","reference_id":"GHSA-5h86-8mv2-jq9f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5h86-8mv2-jq9f"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/","reference_id":"ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/6991-1/","reference_id":"USN-6991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ekqy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability
":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"}],"aliases":["CVE-2024-23334","GHSA-5h86-8mv2-jq9f","PYSEC-2024-24"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqus-ew4j-k7da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11475?format=json","vulnerability_id":"VCID-t2aj-cszz-tyd7","summary":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability caused by inconsistent interpretation of the HTTP protocol. HTTP/1.1 uses persistent connections; if both Content-Length (CL) and Transfer-Encoding (TE) header values are present, the two entities that parse the HTTP message can interpret it differently, and this mismatch can be used to poison other sockets. A possible proof of concept (PoC) would be a configuration with a reverse proxy (frontend) that accepts both CL and TE headers and aiohttp as the backend. Because aiohttp parses anything containing chunked as chunked, a TE value such as chunked123 is ignored by the frontend entity, which parses Content-Length instead. The impact of this vulnerability is that it is possible to bypass any proxy rule and to poison sockets of other users, for example by passing authentication headers; also, if an open redirect is present, an attacker could combine the two to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47641.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47641.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47641","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54908","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54965","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54954","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54953","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54947","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54919","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54943","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54961","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54934","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54904","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57972","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57989","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/dat
a/v1/epss?cve=CVE-2023-47641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47641"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:18:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371"},{"reference_url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.8.0","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/A
V:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/releases/tag/v3.8.0"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:18:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-247.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-247.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elemen
ts":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2250179","reference_id":"2250179","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2250179"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47641","reference_id":"CVE-2023-47641","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47641"},{"reference_url":"https://github.com/advisories/GHSA-xx9p-xxvh-7g8j","reference_id":"GHSA-xx9p-xxvh-7g8j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx9p-xxvh-7g8j"},{"reference_url":"https://security.gentoo.org/glsa/202408-11","reference_id":"GLSA-202408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ekqy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulner
ability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"}],"aliases":["CVE-2023-47641","GHSA-xx9p-xxvh-7g8j","PYSEC-2023-247"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2aj-cszz-tyd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13026?format=json","vulnerability_id":"VCID-tn28-662n-vug8","summary":"aiohttp Cross-site Scripting vulnerability on index pages for static file handling\n### Summary\n\nA XSS vulnerability exists on index pages for static file handling.\n\n### Details\n\nWhen using `web.static(..., show_index=True)`, the resulting index pages do not escape file names.\n\nIf users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks.\n\n### Workaround\n\nWe have always recommended using a reverse proxy server (e.g. nginx) for serving static files. 
Users following the recommendation are unaffected.\n\nOther users can disable `show_index` if unable to upgrade.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/pull/8319/files","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27306","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69288","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6934","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72284","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72288","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73167","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73158","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73117","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73103","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73115","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0074
9","scoring_system":"epss","scoring_elements":"0.73121","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73141","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8319","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"
Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://github.com/aio-libs/aiohttp/pull/8319"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/8319/files","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/8319/files"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@l
ists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27306","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27306"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665","reference_id":"1070665","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275989","reference_id":"2275989","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275989"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCP
PHKP/","reference_id":"2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/"},{"reference_url":"https://github.com/advisories/GHSA-7gpw-8wmc-pm8g","reference_id":"GHSA-7gpw-8wmc-pm8g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gpw-8wmc-pm8g"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/","reference_id":"NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3781","reference_id":"RHSA-2024:3781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5662","reference_id":"RHSA-2024:5662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"ur
l":"https://usn.ubuntu.com/7642-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/","reference_id":"ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ekqy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994964?format=json","purl":"pkg:deb/debian/python-aiohttp@3.11.16-1","is_vulnerable":true,"affected_by_vulnerabilities"
:[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1"}],"aliases":["CVE-2024-27306","GHSA-7gpw-8wmc-pm8g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn28-662n-vug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11527?format=json","vulnerability_id":"VCID-ue33-na1g-rqa7","summary":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). 
This issue has been patched in version 3.9.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49082.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49082","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44596","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44773","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44749","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4482","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44826","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44772","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44802","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44786","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44783","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44791","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4477","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44675","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","s
coring_elements":"0.44668","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49082"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI
:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466"},{"reference_url":"https://github.com/aio-libs/aiohttp/pull/7806/files","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/pull/7806/files"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-251.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-251.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_
type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057164","reference_id":"1057164","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252248","reference_id":"22522
48","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252248"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49082","reference_id":"CVE-2023-49082","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49082"},{"reference_url":"https://github.com/advisories/GHSA-qvrw-v9rv-5rjx","reference_id":"GHSA-qvrw-v9rv-5rjx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvrw-v9rv-5rjx"},{"reference_url":"https://security.gentoo.org/glsa/202408-11","reference_id":"GLSA-202408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1057","reference_id":"RHSA-2024:1057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"USN-7642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7642-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ek
qy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"}],"aliases":["CVE-2023-49082","GHSA-qvrw-v9rv-5rjx","PYSEC-2023-251"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ue33-na1g-rqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17515?format=json","vulnerability_id":"VCID-zrgm-47ph-x3g3","summary":"aiohttp allows request smuggling due to incorrect parsing of chunk extensions\n### Summary\nThe Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions.\n\n### Impact\nIf a pure Python version of aiohttp is installed (i.e. 
without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52304","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63936","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63939","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63927","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63921","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63911","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63909","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63923","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.6391","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63892","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63842","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00456","
scoring_system":"epss","scoring_elements":"0.63858","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63885","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/aio-libs/aiohttp","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aio-libs/aiohttp"},{"reference_url":"https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/"}],"url":"https://github.com
/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71"},{"reference_url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/"}],"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52304","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52304"},{"reference_url":"https://bugs.debian.org/cgi-bin/
bugreport.cgi?bug=1088109","reference_id":"1088109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327130","reference_id":"2327130","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327130"},{"reference_url":"https://github.com/advisories/GHSA-8495-4g3g-x7pr","reference_id":"GHSA-8495-4g3g-x7pr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8495-4g3g-x7pr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10766","reference_id":"RHSA-2024:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11574","reference_id":"RHSA-2024:11574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0340","reference_id":"RHSA-2025:0340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0341","reference_id":"RHSA-2025:0341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0722","reference_id":"RHSA-2025:0722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0753","reference_id":"RHSA-2025:0753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1101","reference_id":"RHSA-2025:1101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1101"},{"reference_url":"https://usn.ubuntu.com/7642-1/","reference_id":"US
N-7642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7642-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994963?format=json","purl":"pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19q4-vzzb-8uca"},{"vulnerability":"VCID-5f1f-mrwv-zucz"},{"vulnerability":"VCID-cg9h-fysf-xygf"},{"vulnerability":"VCID-d3pa-kwgz-vuag"},{"vulnerability":"VCID-drqp-x9gc-2qd3"},{"vulnerability":"VCID-ekqy-23wg-5ugu"},{"vulnerability":"VCID-ft9z-nd6x-27dz"},{"vulnerability":"VCID-g4rj-1kzy-pkft"},{"vulnerability":"VCID-hyh4-58xy-xfge"},{"vulnerability":"VCID-jxqg-x9dh-z3hb"},{"vulnerability":"VCID-k122-7d38-2ug5"},{"vulnerability":"VCID-kf4p-q9n9-ayhn"},{"vulnerability":"VCID-peyu-fxyx-ayde"},{"vulnerability":"VCID-qrus-4szm-c3bj"},{"vulnerability":"VCID-qt9z-6kwe-wbht"},{"vulnerability":"VCID-sjws-ddnq-fke2"},{"vulnerability":"VCID-t9gx-etxx-vkgb"},{"vulnerability":"VCID-tmjw-8cdt-7yf7"},{"vulnerability":"VCID-tn28-662n-vug8"},{"vulnerability":"VCID-ttq3-65ny-skdg"},{"vulnerability":"VCID-vqvz-jfqh-jkaz"},{"vulnerability":"VCID-zm3a-mf2z-xfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"}],"aliases":["CVE-2024-52304","GHSA-8495-4g3g-x7pr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrgm-47ph-x3g3"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1"}