Look up vulnerable packages by Package URL.

Purl: pkg:deb/debian/python-aiohttp@3.11.16-1
Type: deb
Namespace: debian
Name: python-aiohttp
Version: 3.11.16-1
Qualifiers:
Subpath:
Is_vulnerable: true
Next_non_vulnerable_version: 3.11.16-1+deb13u1
Latest_non_vulnerable_version: 3.13.5-1
Affected_by_vulnerabilities
0
url VCID-19q4-vzzb-8uca
vulnerability_id VCID-19q4-vzzb-8uca
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34519
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11693
published_at 2026-04-18T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.1165
published_at 2026-04-29T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11732
published_at 2026-04-26T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11778
published_at 2026-04-24T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.1181
published_at 2026-04-21T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.12798
published_at 2026-05-05T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13105
published_at 2026-05-14T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13032
published_at 2026-05-12T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13007
published_at 2026-05-11T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13019
published_at 2026-05-09T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.12951
published_at 2026-05-07T12:55:00Z
11
value 0.00045
scoring_system epss
scoring_elements 0.13791
published_at 2026-04-04T12:55:00Z
12
value 0.00045
scoring_system epss
scoring_elements 0.13732
published_at 2026-04-02T12:55:00Z
13
value 0.00059
scoring_system epss
scoring_elements 0.18423
published_at 2026-04-09T12:55:00Z
14
value 0.00059
scoring_system epss
scoring_elements 0.18422
published_at 2026-04-11T12:55:00Z
15
value 0.00059
scoring_system epss
scoring_elements 0.18268
published_at 2026-04-16T12:55:00Z
16
value 0.00059
scoring_system epss
scoring_elements 0.18323
published_at 2026-04-13T12:55:00Z
17
value 0.00059
scoring_system epss
scoring_elements 0.18375
published_at 2026-04-12T12:55:00Z
18
value 0.00059
scoring_system epss
scoring_elements 0.18287
published_at 2026-04-07T12:55:00Z
19
value 0.00059
scoring_system epss
scoring_elements 0.1837
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34519
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34519
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:40:04Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34519
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34519
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454100
reference_id 2454100
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454100
11
reference_url https://github.com/advisories/GHSA-mwh4-6h8g-pg8w
reference_id GHSA-mwh4-6h8g-pg8w
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwh4-6h8g-pg8w
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34519, GHSA-mwh4-6h8g-pg8w
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19q4-vzzb-8uca
1
url VCID-5f1f-mrwv-zucz
vulnerability_id VCID-5f1f-mrwv-zucz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34513
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.12245
published_at 2026-04-04T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16263
published_at 2026-04-24T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16369
published_at 2026-04-21T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16335
published_at 2026-04-18T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.16315
published_at 2026-04-16T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16386
published_at 2026-04-13T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16446
published_at 2026-04-12T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16485
published_at 2026-04-11T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.165
published_at 2026-04-09T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16355
published_at 2026-04-07T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16441
published_at 2026-04-08T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16218
published_at 2026-04-29T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16259
published_at 2026-04-26T12:55:00Z
14
value 0.00057
scoring_system epss
scoring_elements 0.17815
published_at 2026-05-14T12:55:00Z
15
value 0.00057
scoring_system epss
scoring_elements 0.17544
published_at 2026-05-05T12:55:00Z
16
value 0.00057
scoring_system epss
scoring_elements 0.17637
published_at 2026-05-07T12:55:00Z
17
value 0.00057
scoring_system epss
scoring_elements 0.17738
published_at 2026-05-09T12:55:00Z
18
value 0.00057
scoring_system epss
scoring_elements 0.17698
published_at 2026-05-11T12:55:00Z
19
value 0.00057
scoring_system epss
scoring_elements 0.17736
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34513
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34513
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34513
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34513
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454107
reference_id 2454107
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454107
11
reference_url https://github.com/advisories/GHSA-hcc4-c3v8-rx92
reference_id GHSA-hcc4-c3v8-rx92
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcc4-c3v8-rx92
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34513, GHSA-hcc4-c3v8-rx92
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5f1f-mrwv-zucz
2
url VCID-cg9h-fysf-xygf
vulnerability_id VCID-cg9h-fysf-xygf
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34516
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11462
published_at 2026-04-04T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.1543
published_at 2026-04-11T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15468
published_at 2026-04-09T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15418
published_at 2026-04-08T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.1533
published_at 2026-04-07T12:55:00Z
6
value 0.0005
scoring_system epss
scoring_elements 0.15325
published_at 2026-04-13T12:55:00Z
7
value 0.0005
scoring_system epss
scoring_elements 0.15391
published_at 2026-04-12T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16218
published_at 2026-04-29T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16369
published_at 2026-04-21T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16335
published_at 2026-04-18T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16315
published_at 2026-04-16T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16259
published_at 2026-04-26T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16263
published_at 2026-04-24T12:55:00Z
14
value 0.00057
scoring_system epss
scoring_elements 0.17815
published_at 2026-05-14T12:55:00Z
15
value 0.00057
scoring_system epss
scoring_elements 0.17544
published_at 2026-05-05T12:55:00Z
16
value 0.00057
scoring_system epss
scoring_elements 0.17637
published_at 2026-05-07T12:55:00Z
17
value 0.00057
scoring_system epss
scoring_elements 0.17738
published_at 2026-05-09T12:55:00Z
18
value 0.00057
scoring_system epss
scoring_elements 0.17698
published_at 2026-05-11T12:55:00Z
19
value 0.00057
scoring_system epss
scoring_elements 0.17736
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34516
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:11:32Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34516
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34516
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454112
reference_id 2454112
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454112
11
reference_url https://github.com/advisories/GHSA-m5qp-6w8w-w647
reference_id GHSA-m5qp-6w8w-w647
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m5qp-6w8w-w647
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34516, GHSA-m5qp-6w8w-w647
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg9h-fysf-xygf
3
url VCID-d3pa-kwgz-vuag
vulnerability_id VCID-d3pa-kwgz-vuag
summary
AIOHTTP vulnerable to denial of service through large payloads
### Summary
A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.

### Impact
If an application includes a handler that uses the `Request.post()` method, an attacker may be able to freeze the server by exhausting the memory.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69228
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1932
published_at 2026-05-05T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
15
value 0.00082
scoring_system epss
scoring_elements 0.23842
published_at 2026-05-14T12:55:00Z
16
value 0.00082
scoring_system epss
scoring_elements 0.23714
published_at 2026-05-07T12:55:00Z
17
value 0.00082
scoring_system epss
scoring_elements 0.23784
published_at 2026-05-09T12:55:00Z
18
value 0.00082
scoring_system epss
scoring_elements 0.23729
published_at 2026-05-11T12:55:00Z
19
value 0.00082
scoring_system epss
scoring_elements 0.23748
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69228
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/
url https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69228
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69228
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427254
reference_id 2427254
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427254
9
reference_url https://github.com/advisories/GHSA-6jhg-hg63-jvvf
reference_id GHSA-6jhg-hg63-jvvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6jhg-hg63-jvvf
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:13545
reference_id RHSA-2026:13545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13545
12
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
13
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
14
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
15
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
16
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69228, GHSA-6jhg-hg63-jvvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3pa-kwgz-vuag
4
url VCID-drqp-x9gc-2qd3
vulnerability_id VCID-drqp-x9gc-2qd3
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34518
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11175
published_at 2026-04-29T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11236
published_at 2026-04-26T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11277
published_at 2026-04-24T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11337
published_at 2026-04-21T12:55:00Z
4
value 0.00038
scoring_system epss
scoring_elements 0.11208
published_at 2026-04-18T12:55:00Z
5
value 0.0004
scoring_system epss
scoring_elements 0.12245
published_at 2026-04-04T12:55:00Z
6
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12492
published_at 2026-05-12T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12467
published_at 2026-05-11T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12472
published_at 2026-05-09T12:55:00Z
10
value 0.00041
scoring_system epss
scoring_elements 0.12269
published_at 2026-05-05T12:55:00Z
11
value 0.00041
scoring_system epss
scoring_elements 0.12406
published_at 2026-05-07T12:55:00Z
12
value 0.00041
scoring_system epss
scoring_elements 0.12558
published_at 2026-05-14T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.165
published_at 2026-04-09T12:55:00Z
14
value 0.00052
scoring_system epss
scoring_elements 0.16355
published_at 2026-04-07T12:55:00Z
15
value 0.00052
scoring_system epss
scoring_elements 0.16441
published_at 2026-04-08T12:55:00Z
16
value 0.00052
scoring_system epss
scoring_elements 0.16485
published_at 2026-04-11T12:55:00Z
17
value 0.00052
scoring_system epss
scoring_elements 0.16446
published_at 2026-04-12T12:55:00Z
18
value 0.00052
scoring_system epss
scoring_elements 0.16386
published_at 2026-04-13T12:55:00Z
19
value 0.00052
scoring_system epss
scoring_elements 0.16325
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34518
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34518
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:05:59Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34518
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34518
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454098
reference_id 2454098
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454098
11
reference_url https://github.com/advisories/GHSA-966j-vmvw-g2g9
reference_id GHSA-966j-vmvw-g2g9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-966j-vmvw-g2g9
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34518, GHSA-966j-vmvw-g2g9
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drqp-x9gc-2qd3
5
url VCID-ft9z-nd6x-27dz
vulnerability_id VCID-ft9z-nd6x-27dz
summary
AIOHTTP has unicode match groups in regexes for ASCII protocol elements
### Summary

The parser allows non-ASCII decimal digits (Unicode digits outside 0-9) to be present in the Range header.

### Impact

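There is no known impact, but a way to exploit this for request smuggling may exist. Request smuggling generally depends on two HTTP components interpreting the same message differently, so the exposure of a deployment depends on whether a proxy or gateway in front of aiohttp handles such a Range header differently than aiohttp does.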

----

Patch: https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69225
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13725
published_at 2026-05-05T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.13843
published_at 2026-04-29T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.1391
published_at 2026-04-26T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.13936
published_at 2026-04-24T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.13905
published_at 2026-04-21T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.13833
published_at 2026-04-18T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.13839
published_at 2026-04-16T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-13T12:55:00Z
8
value 0.00045
scoring_system epss
scoring_elements 0.13985
published_at 2026-04-12T12:55:00Z
9
value 0.00045
scoring_system epss
scoring_elements 0.14022
published_at 2026-04-11T12:55:00Z
10
value 0.00045
scoring_system epss
scoring_elements 0.14072
published_at 2026-04-02T12:55:00Z
11
value 0.00045
scoring_system epss
scoring_elements 0.14067
published_at 2026-04-09T12:55:00Z
12
value 0.00045
scoring_system epss
scoring_elements 0.14014
published_at 2026-04-08T12:55:00Z
13
value 0.00045
scoring_system epss
scoring_elements 0.13932
published_at 2026-04-07T12:55:00Z
14
value 0.00045
scoring_system epss
scoring_elements 0.14126
published_at 2026-04-04T12:55:00Z
15
value 0.00056
scoring_system epss
scoring_elements 0.17353
published_at 2026-05-14T12:55:00Z
16
value 0.00056
scoring_system epss
scoring_elements 0.17169
published_at 2026-05-07T12:55:00Z
17
value 0.00056
scoring_system epss
scoring_elements 0.17262
published_at 2026-05-09T12:55:00Z
18
value 0.00056
scoring_system epss
scoring_elements 0.17231
published_at 2026-05-11T12:55:00Z
19
value 0.00056
scoring_system epss
scoring_elements 0.1727
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69225
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/
url https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69225
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69225
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427253
reference_id 2427253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427253
9
reference_url https://github.com/advisories/GHSA-mqqc-3gqh-h2x8
reference_id GHSA-mqqc-3gqh-h2x8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqqc-3gqh-h2x8
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69225, GHSA-mqqc-3gqh-h2x8
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ft9z-nd6x-27dz
6
url VCID-g4rj-1kzy-pkft
vulnerability_id VCID-g4rj-1kzy-pkft
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34525
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24814
published_at 2026-04-02T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.24852
published_at 2026-04-04T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.2782
published_at 2026-04-09T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27777
published_at 2026-04-08T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27709
published_at 2026-04-07T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27734
published_at 2026-04-16T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27726
published_at 2026-04-13T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27783
published_at 2026-04-12T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.27825
published_at 2026-04-11T12:55:00Z
9
value 0.00119
scoring_system epss
scoring_elements 0.30582
published_at 2026-04-26T12:55:00Z
10
value 0.00119
scoring_system epss
scoring_elements 0.3086
published_at 2026-04-21T12:55:00Z
11
value 0.00119
scoring_system epss
scoring_elements 0.30894
published_at 2026-04-18T12:55:00Z
12
value 0.00119
scoring_system epss
scoring_elements 0.30498
published_at 2026-04-29T12:55:00Z
13
value 0.00119
scoring_system epss
scoring_elements 0.30698
published_at 2026-04-24T12:55:00Z
14
value 0.0013
scoring_system epss
scoring_elements 0.32024
published_at 2026-05-14T12:55:00Z
15
value 0.0013
scoring_system epss
scoring_elements 0.31952
published_at 2026-05-05T12:55:00Z
16
value 0.0013
scoring_system epss
scoring_elements 0.32018
published_at 2026-05-07T12:55:00Z
17
value 0.0013
scoring_system epss
scoring_elements 0.32027
published_at 2026-05-09T12:55:00Z
18
value 0.0013
scoring_system epss
scoring_elements 0.31932
published_at 2026-05-11T12:55:00Z
19
value 0.0013
scoring_system epss
scoring_elements 0.31955
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34525
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34525
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
6
reference_url https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
7
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34525
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34525
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454096
reference_id 2454096
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454096
12
reference_url https://github.com/advisories/GHSA-c427-h43c-vf67
reference_id GHSA-c427-h43c-vf67
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c427-h43c-vf67
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34525, GHSA-c427-h43c-vf67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4rj-1kzy-pkft
7
url VCID-hyh4-58xy-xfge
vulnerability_id VCID-hyh4-58xy-xfge
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34517
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12245
published_at 2026-04-04T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.15817
published_at 2026-04-24T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15796
published_at 2026-04-21T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15753
published_at 2026-04-18T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15744
published_at 2026-04-16T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15771
published_at 2026-04-29T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15814
published_at 2026-04-26T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16485
published_at 2026-04-11T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.165
published_at 2026-04-09T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16441
published_at 2026-04-08T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16355
published_at 2026-04-07T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16386
published_at 2026-04-13T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16446
published_at 2026-04-12T12:55:00Z
14
value 0.00056
scoring_system epss
scoring_elements 0.17369
published_at 2026-05-14T12:55:00Z
15
value 0.00056
scoring_system epss
scoring_elements 0.17095
published_at 2026-05-05T12:55:00Z
16
value 0.00056
scoring_system epss
scoring_elements 0.17184
published_at 2026-05-07T12:55:00Z
17
value 0.00056
scoring_system epss
scoring_elements 0.17277
published_at 2026-05-09T12:55:00Z
18
value 0.00056
scoring_system epss
scoring_elements 0.17248
published_at 2026-05-11T12:55:00Z
19
value 0.00056
scoring_system epss
scoring_elements 0.17287
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34517
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34517
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34517
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34517
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454095
reference_id 2454095
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454095
11
reference_url https://github.com/advisories/GHSA-3wq7-rqq7-wx6j
reference_id GHSA-3wq7-rqq7-wx6j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wq7-rqq7-wx6j
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34517, GHSA-3wq7-rqq7-wx6j
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyh4-58xy-xfge
8
url VCID-k122-7d38-2ug5
vulnerability_id VCID-k122-7d38-2ug5
summary
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
### Summary
The Python parser is vulnerable to request smuggling because it does not parse the trailer sections of an HTTP request.

### Impact
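If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or the AIOHTTP_NO_EXTENSIONS environment variable is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Deployments that use the C-extension parser are outside the condition described here, so confirming which parser is active is the first triage step.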

----

Patch: https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53643.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53643
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23078
published_at 2026-04-07T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23245
published_at 2026-04-02T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23289
published_at 2026-04-04T12:55:00Z
3
value 0.00078
scoring_system epss
scoring_elements 0.23152
published_at 2026-04-08T12:55:00Z
4
value 0.00086
scoring_system epss
scoring_elements 0.24925
published_at 2026-04-09T12:55:00Z
5
value 0.00086
scoring_system epss
scoring_elements 0.24858
published_at 2026-04-16T12:55:00Z
6
value 0.00086
scoring_system epss
scoring_elements 0.24847
published_at 2026-04-13T12:55:00Z
7
value 0.00086
scoring_system epss
scoring_elements 0.24852
published_at 2026-04-18T12:55:00Z
8
value 0.00086
scoring_system epss
scoring_elements 0.24716
published_at 2026-04-29T12:55:00Z
9
value 0.00086
scoring_system epss
scoring_elements 0.24762
published_at 2026-04-26T12:55:00Z
10
value 0.00086
scoring_system epss
scoring_elements 0.24773
published_at 2026-04-24T12:55:00Z
11
value 0.00086
scoring_system epss
scoring_elements 0.2483
published_at 2026-04-21T12:55:00Z
12
value 0.00086
scoring_system epss
scoring_elements 0.24901
published_at 2026-04-12T12:55:00Z
13
value 0.00086
scoring_system epss
scoring_elements 0.2494
published_at 2026-04-11T12:55:00Z
14
value 0.00094
scoring_system epss
scoring_elements 0.25958
published_at 2026-05-09T12:55:00Z
15
value 0.00094
scoring_system epss
scoring_elements 0.25843
published_at 2026-05-05T12:55:00Z
16
value 0.00094
scoring_system epss
scoring_elements 0.25902
published_at 2026-05-07T12:55:00Z
17
value 0.00341
scoring_system epss
scoring_elements 0.56846
published_at 2026-05-14T12:55:00Z
18
value 0.00341
scoring_system epss
scoring_elements 0.56759
published_at 2026-05-11T12:55:00Z
19
value 0.00341
scoring_system epss
scoring_elements 0.56783
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53643
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/
url https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T14:43:18Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53643
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53643
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336
reference_id 1109336
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109336
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2380000
reference_id 2380000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2380000
10
reference_url https://github.com/advisories/GHSA-9548-qrrj-x5pj
reference_id GHSA-9548-qrrj-x5pj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9548-qrrj-x5pj
11
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
12
reference_url https://access.redhat.com/errata/RHSA-2025:22939
reference_id RHSA-2025:22939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22939
13
reference_url https://access.redhat.com/errata/RHSA-2025:22944
reference_id RHSA-2025:22944
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22944
14
reference_url https://access.redhat.com/errata/RHSA-2025:23531
reference_id RHSA-2025:23531
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23531
15
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
16
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
17
reference_url https://access.redhat.com/errata/RHSA-2026:2760
reference_id RHSA-2026:2760
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2760
18
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-53643, GHSA-9548-qrrj-x5pj
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k122-7d38-2ug5
9
url VCID-kf4p-q9n9-ayhn
vulnerability_id VCID-kf4p-q9n9-ayhn
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22815
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11462
published_at 2026-04-04T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.122
published_at 2026-04-02T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16432
published_at 2026-04-08T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16263
published_at 2026-04-24T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16369
published_at 2026-04-21T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.16335
published_at 2026-04-18T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16315
published_at 2026-04-16T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16375
published_at 2026-04-13T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16436
published_at 2026-04-12T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16475
published_at 2026-04-11T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16346
published_at 2026-04-07T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16491
published_at 2026-04-09T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16218
published_at 2026-04-29T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16259
published_at 2026-04-26T12:55:00Z
14
value 0.00057
scoring_system epss
scoring_elements 0.17736
published_at 2026-05-12T12:55:00Z
15
value 0.00057
scoring_system epss
scoring_elements 0.17698
published_at 2026-05-11T12:55:00Z
16
value 0.00057
scoring_system epss
scoring_elements 0.17738
published_at 2026-05-09T12:55:00Z
17
value 0.00057
scoring_system epss
scoring_elements 0.17637
published_at 2026-05-07T12:55:00Z
18
value 0.00057
scoring_system epss
scoring_elements 0.17544
published_at 2026-05-05T12:55:00Z
19
value 0.00057
scoring_system epss
scoring_elements 0.17815
published_at 2026-05-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22815
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:09:26Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22815
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22815
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454093
reference_id 2454093
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454093
11
reference_url https://github.com/advisories/GHSA-w2fm-2cpv-w7v5
reference_id GHSA-w2fm-2cpv-w7v5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2fm-2cpv-w7v5
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-22815, GHSA-w2fm-2cpv-w7v5
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf4p-q9n9-ayhn
10
url VCID-peyu-fxyx-ayde
vulnerability_id VCID-peyu-fxyx-ayde
summary
AIOHTTP vulnerable to DoS through chunked messages
### Summary

Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks.

### Impact

If an application makes use of the `request.read()` method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. Because that CPU time is blocking, the server cannot handle other requests until it completes, which could potentially lead to DoS.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
Patch: https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69229
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.1599
published_at 2026-05-05T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16113
published_at 2026-04-29T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16152
published_at 2026-04-26T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16154
published_at 2026-04-24T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16261
published_at 2026-04-21T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.16223
published_at 2026-04-18T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16204
published_at 2026-04-16T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16268
published_at 2026-04-13T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16336
published_at 2026-04-12T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16375
published_at 2026-04-11T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16392
published_at 2026-04-09T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16328
published_at 2026-04-08T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16391
published_at 2026-04-02T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16454
published_at 2026-04-04T12:55:00Z
14
value 0.00052
scoring_system epss
scoring_elements 0.16243
published_at 2026-04-07T12:55:00Z
15
value 0.00067
scoring_system epss
scoring_elements 0.20693
published_at 2026-05-14T12:55:00Z
16
value 0.00067
scoring_system epss
scoring_elements 0.20533
published_at 2026-05-07T12:55:00Z
17
value 0.00067
scoring_system epss
scoring_elements 0.20621
published_at 2026-05-09T12:55:00Z
18
value 0.00067
scoring_system epss
scoring_elements 0.20597
published_at 2026-05-11T12:55:00Z
19
value 0.00067
scoring_system epss
scoring_elements 0.20612
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69229
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
6
reference_url https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69229
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69229
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427257
reference_id 2427257
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427257
10
reference_url https://github.com/advisories/GHSA-g84x-mcqj-x9qq
reference_id GHSA-g84x-mcqj-x9qq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g84x-mcqj-x9qq
11
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69229, GHSA-g84x-mcqj-x9qq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-peyu-fxyx-ayde
11
url VCID-qrus-4szm-c3bj
vulnerability_id VCID-qrus-4szm-c3bj
summary
AIOHTTP's unicode processing of header values could cause parsing discrepancies
### Summary
The Python HTTP parser may allow a request smuggling attack when header values contain non-ASCII characters.

### Impact
If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.

------

Patch: https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69224
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13027
published_at 2026-05-05T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13124
published_at 2026-04-29T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13228
published_at 2026-04-26T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13256
published_at 2026-04-24T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13251
published_at 2026-04-21T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13164
published_at 2026-04-18T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13165
published_at 2026-04-16T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13259
published_at 2026-04-13T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13308
published_at 2026-04-12T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13346
published_at 2026-04-11T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13383
published_at 2026-04-02T12:55:00Z
11
value 0.00043
scoring_system epss
scoring_elements 0.13376
published_at 2026-04-09T12:55:00Z
12
value 0.00043
scoring_system epss
scoring_elements 0.13325
published_at 2026-04-08T12:55:00Z
13
value 0.00043
scoring_system epss
scoring_elements 0.13447
published_at 2026-04-04T12:55:00Z
14
value 0.00043
scoring_system epss
scoring_elements 0.13243
published_at 2026-04-07T12:55:00Z
15
value 0.00053
scoring_system epss
scoring_elements 0.16569
published_at 2026-05-14T12:55:00Z
16
value 0.00053
scoring_system epss
scoring_elements 0.16392
published_at 2026-05-07T12:55:00Z
17
value 0.00053
scoring_system epss
scoring_elements 0.16498
published_at 2026-05-09T12:55:00Z
18
value 0.00053
scoring_system epss
scoring_elements 0.16463
published_at 2026-05-11T12:55:00Z
19
value 0.00053
scoring_system epss
scoring_elements 0.16497
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69224
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/
url https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69224
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69224
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427246
reference_id 2427246
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427246
9
reference_url https://github.com/advisories/GHSA-69f9-5gxw-wvc2
reference_id GHSA-69f9-5gxw-wvc2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-69f9-5gxw-wvc2
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69224, GHSA-69f9-5gxw-wvc2
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrus-4szm-c3bj
12
url VCID-qt9z-6kwe-wbht
vulnerability_id VCID-qt9z-6kwe-wbht
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34514
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11694
published_at 2026-04-16T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11693
published_at 2026-04-18T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.1165
published_at 2026-04-29T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11732
published_at 2026-04-26T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11778
published_at 2026-04-24T12:55:00Z
5
value 0.00039
scoring_system epss
scoring_elements 0.1181
published_at 2026-04-21T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.12951
published_at 2026-05-07T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13105
published_at 2026-05-14T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13019
published_at 2026-05-09T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.12798
published_at 2026-05-05T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13032
published_at 2026-05-12T12:55:00Z
11
value 0.00043
scoring_system epss
scoring_elements 0.13007
published_at 2026-05-11T12:55:00Z
12
value 0.00045
scoring_system epss
scoring_elements 0.13732
published_at 2026-04-02T12:55:00Z
13
value 0.00045
scoring_system epss
scoring_elements 0.13791
published_at 2026-04-04T12:55:00Z
14
value 0.00059
scoring_system epss
scoring_elements 0.18422
published_at 2026-04-11T12:55:00Z
15
value 0.00059
scoring_system epss
scoring_elements 0.18423
published_at 2026-04-09T12:55:00Z
16
value 0.00059
scoring_system epss
scoring_elements 0.18375
published_at 2026-04-12T12:55:00Z
17
value 0.00059
scoring_system epss
scoring_elements 0.18323
published_at 2026-04-13T12:55:00Z
18
value 0.00059
scoring_system epss
scoring_elements 0.18287
published_at 2026-04-07T12:55:00Z
19
value 0.00059
scoring_system epss
scoring_elements 0.1837
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34514
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34514
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:07:10Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34514
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34514
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454102
reference_id 2454102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454102
11
reference_url https://github.com/advisories/GHSA-2vrm-gr82-f7m5
reference_id GHSA-2vrm-gr82-f7m5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vrm-gr82-f7m5
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34514, GHSA-2vrm-gr82-f7m5
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qt9z-6kwe-wbht
13
url VCID-sjws-ddnq-fke2
vulnerability_id VCID-sjws-ddnq-fke2
summary
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
### Summary
A zip bomb can be used to execute a DoS against the aiohttp server.

### Impact
An attacker may be able to send a compressed request that, when decompressed by aiohttp, could exhaust the host's memory.

------

Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69223
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1932
published_at 2026-05-05T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
15
value 0.00082
scoring_system epss
scoring_elements 0.23842
published_at 2026-05-14T12:55:00Z
16
value 0.00082
scoring_system epss
scoring_elements 0.23714
published_at 2026-05-07T12:55:00Z
17
value 0.00082
scoring_system epss
scoring_elements 0.23784
published_at 2026-05-09T12:55:00Z
18
value 0.00082
scoring_system epss
scoring_elements 0.23729
published_at 2026-05-11T12:55:00Z
19
value 0.00082
scoring_system epss
scoring_elements 0.23748
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69223
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/
url https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69223
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69223
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427456
reference_id 2427456
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427456
9
reference_url https://github.com/advisories/GHSA-6mq8-rvhq-8wgg
reference_id GHSA-6mq8-rvhq-8wgg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mq8-rvhq-8wgg
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
12
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
13
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
14
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
15
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
16
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
17
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
18
reference_url https://access.redhat.com/errata/RHSA-2026:2695
reference_id RHSA-2026:2695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2695
19
reference_url https://access.redhat.com/errata/RHSA-2026:3461
reference_id RHSA-2026:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3461
20
reference_url https://access.redhat.com/errata/RHSA-2026:3462
reference_id RHSA-2026:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3462
21
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
22
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
23
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
24
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
25
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
26
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
27
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
28
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
29
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69223, GHSA-6mq8-rvhq-8wgg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjws-ddnq-fke2
14
url VCID-t9gx-etxx-vkgb
vulnerability_id VCID-t9gx-etxx-vkgb
summary
AIOHTTP vulnerable to DoS when bypassing asserts
### Summary
When `assert` statements are bypassed (Python strips them when optimisations are enabled), an infinite loop can occur while processing a POST body, resulting in a denial of service.

### Impact
If optimisations are enabled (`-O` or `PYTHONOPTIMIZE=1`), and the application includes a handler that uses the `Request.post()` method, then an attacker may be able to execute a DoS attack with a specially crafted message.

------

Patch: https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69227
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1932
published_at 2026-05-05T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
15
value 0.00082
scoring_system epss
scoring_elements 0.23842
published_at 2026-05-14T12:55:00Z
16
value 0.00082
scoring_system epss
scoring_elements 0.23714
published_at 2026-05-07T12:55:00Z
17
value 0.00082
scoring_system epss
scoring_elements 0.23784
published_at 2026-05-09T12:55:00Z
18
value 0.00082
scoring_system epss
scoring_elements 0.23729
published_at 2026-05-11T12:55:00Z
19
value 0.00082
scoring_system epss
scoring_elements 0.23748
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/
url https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69227
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69227
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427256
reference_id 2427256
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427256
9
reference_url https://github.com/advisories/GHSA-jj3x-wxrx-4x23
reference_id GHSA-jj3x-wxrx-4x23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jj3x-wxrx-4x23
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:13545
reference_id RHSA-2026:13545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13545
12
reference_url https://access.redhat.com/errata/RHSA-2026:13553
reference_id RHSA-2026:13553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13553
13
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
14
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
15
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
16
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
17
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69227, GHSA-jj3x-wxrx-4x23
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9gx-etxx-vkgb
15
url VCID-tmjw-8cdt-7yf7
vulnerability_id VCID-tmjw-8cdt-7yf7
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34520
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13027
published_at 2026-04-04T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.13732
published_at 2026-04-02T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17488
published_at 2026-04-11T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17329
published_at 2026-04-16T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17387
published_at 2026-04-13T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.17325
published_at 2026-04-07T12:55:00Z
6
value 0.00055
scoring_system epss
scoring_elements 0.17416
published_at 2026-04-08T12:55:00Z
7
value 0.00055
scoring_system epss
scoring_elements 0.17476
published_at 2026-04-09T12:55:00Z
8
value 0.00055
scoring_system epss
scoring_elements 0.17441
published_at 2026-04-12T12:55:00Z
9
value 0.00057
scoring_system epss
scoring_elements 0.17912
published_at 2026-04-18T12:55:00Z
10
value 0.00057
scoring_system epss
scoring_elements 0.17836
published_at 2026-04-26T12:55:00Z
11
value 0.00057
scoring_system epss
scoring_elements 0.17858
published_at 2026-04-24T12:55:00Z
12
value 0.00057
scoring_system epss
scoring_elements 0.17799
published_at 2026-04-29T12:55:00Z
13
value 0.00057
scoring_system epss
scoring_elements 0.17948
published_at 2026-04-21T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19304
published_at 2026-05-11T12:55:00Z
15
value 0.00063
scoring_system epss
scoring_elements 0.19438
published_at 2026-05-14T12:55:00Z
16
value 0.00063
scoring_system epss
scoring_elements 0.1917
published_at 2026-05-05T12:55:00Z
17
value 0.00063
scoring_system epss
scoring_elements 0.19252
published_at 2026-05-07T12:55:00Z
18
value 0.00063
scoring_system epss
scoring_elements 0.1934
published_at 2026-05-12T12:55:00Z
19
value 0.00063
scoring_system epss
scoring_elements 0.19342
published_at 2026-05-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34520
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34520
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:13:19Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34520
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34520
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
reference_id 1132582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132582
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454094
reference_id 2454094
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454094
11
reference_url https://github.com/advisories/GHSA-63hf-3vf5-4wqf
reference_id GHSA-63hf-3vf5-4wqf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63hf-3vf5-4wqf
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.5-1
purl pkg:deb/debian/python-aiohttp@3.13.5-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1
aliases CVE-2026-34520, GHSA-63hf-3vf5-4wqf
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmjw-8cdt-7yf7
16
url VCID-vqvz-jfqh-jkaz
vulnerability_id VCID-vqvz-jfqh-jkaz
summary
AIOHTTP vulnerable to brute-force leak of internal static file path components
### Summary
Path normalization for static files prevents path traversal, but allows an attacker to ascertain the existence of absolute path components.

### Impact
If an application uses `web.static()` (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components.

------

Patch: https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69226
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19458
published_at 2026-05-05T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19575
published_at 2026-04-29T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19611
published_at 2026-04-26T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19625
published_at 2026-04-24T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.1973
published_at 2026-04-21T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19718
published_at 2026-04-18T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19716
published_at 2026-04-16T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19741
published_at 2026-04-13T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19798
published_at 2026-04-12T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19843
published_at 2026-04-11T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19927
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.1984
published_at 2026-04-09T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19788
published_at 2026-04-08T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19982
published_at 2026-04-04T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19708
published_at 2026-04-07T12:55:00Z
15
value 0.0007
scoring_system epss
scoring_elements 0.21413
published_at 2026-05-14T12:55:00Z
16
value 0.0007
scoring_system epss
scoring_elements 0.2125
published_at 2026-05-07T12:55:00Z
17
value 0.0007
scoring_system epss
scoring_elements 0.21339
published_at 2026-05-09T12:55:00Z
18
value 0.0007
scoring_system epss
scoring_elements 0.21315
published_at 2026-05-11T12:55:00Z
19
value 0.0007
scoring_system epss
scoring_elements 0.21336
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69226
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/
url https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69226
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69226
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427245
reference_id 2427245
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427245
9
reference_url https://github.com/advisories/GHSA-54jq-c3m8-4m76
reference_id GHSA-54jq-c3m8-4m76
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54jq-c3m8-4m76
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69226, GHSA-54jq-c3m8-4m76
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqvz-jfqh-jkaz
17
url VCID-zm3a-mf2z-xfcm
vulnerability_id VCID-zm3a-mf2z-xfcm
summary
AIOHTTP Vulnerable to Cookie Parser Warning Storm
### Summary
Reading multiple invalid cookies can lead to a logging storm.

### Impact
If the ``cookies`` attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.

----

Patch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69230
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02649
published_at 2026-05-05T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02675
published_at 2026-04-29T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02618
published_at 2026-04-26T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02629
published_at 2026-04-24T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02641
published_at 2026-04-21T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02533
published_at 2026-04-18T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.02528
published_at 2026-04-16T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.02541
published_at 2026-04-13T12:55:00Z
8
value 0.00014
scoring_system epss
scoring_elements 0.02554
published_at 2026-04-11T12:55:00Z
9
value 0.00014
scoring_system epss
scoring_elements 0.02572
published_at 2026-04-09T12:55:00Z
10
value 0.00014
scoring_system epss
scoring_elements 0.02529
published_at 2026-04-02T12:55:00Z
11
value 0.00014
scoring_system epss
scoring_elements 0.02551
published_at 2026-04-08T12:55:00Z
12
value 0.00014
scoring_system epss
scoring_elements 0.02543
published_at 2026-04-12T12:55:00Z
13
value 0.00014
scoring_system epss
scoring_elements 0.02546
published_at 2026-04-07T12:55:00Z
14
value 0.00015
scoring_system epss
scoring_elements 0.03494
published_at 2026-05-14T12:55:00Z
15
value 0.00015
scoring_system epss
scoring_elements 0.03409
published_at 2026-05-07T12:55:00Z
16
value 0.00015
scoring_system epss
scoring_elements 0.03447
published_at 2026-05-09T12:55:00Z
17
value 0.00015
scoring_system epss
scoring_elements 0.03451
published_at 2026-05-11T12:55:00Z
18
value 0.00015
scoring_system epss
scoring_elements 0.03458
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69230
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69230
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/
url https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69230
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69230
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427255
reference_id 2427255
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427255
9
reference_url https://github.com/advisories/GHSA-fh55-r93g-j68g
reference_id GHSA-fh55-r93g-j68g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh55-r93g-j68g
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
1
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69230, GHSA-fh55-r93g-j68g
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zm3a-mf2z-xfcm
Fixing_vulnerabilities
0
url VCID-d3pa-kwgz-vuag
vulnerability_id VCID-d3pa-kwgz-vuag
summary
AIOHTTP vulnerable to denial of service through large payloads
### Summary
A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.

### Impact
If an application includes a handler that uses the `Request.post()` method, an attacker may be able to freeze the server by exhausting the memory.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69228.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69228
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1932
published_at 2026-05-05T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
15
value 0.00082
scoring_system epss
scoring_elements 0.23842
published_at 2026-05-14T12:55:00Z
16
value 0.00082
scoring_system epss
scoring_elements 0.23714
published_at 2026-05-07T12:55:00Z
17
value 0.00082
scoring_system epss
scoring_elements 0.23784
published_at 2026-05-09T12:55:00Z
18
value 0.00082
scoring_system epss
scoring_elements 0.23729
published_at 2026-05-11T12:55:00Z
19
value 0.00082
scoring_system epss
scoring_elements 0.23748
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69228
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69228
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/
url https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:03Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69228
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69228
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427254
reference_id 2427254
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427254
9
reference_url https://github.com/advisories/GHSA-6jhg-hg63-jvvf
reference_id GHSA-6jhg-hg63-jvvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6jhg-hg63-jvvf
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:13545
reference_id RHSA-2026:13545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13545
12
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
13
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
14
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
15
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
16
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
2
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69228, GHSA-6jhg-hg63-jvvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3pa-kwgz-vuag
1
url VCID-ekqy-23wg-5ugu
vulnerability_id VCID-ekqy-23wg-5ugu
summary
In aiohttp, compressed files as symlinks are not protected from path traversal
### Summary
Static routes which contain files with compressed variants (`.gz` or `.br` extension) were vulnerable to path traversal outside the root directory if those variants are symbolic links.

### Details
The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default).  It does this by resolving the requested URL to an absolute path and then checking that path relative to the root.  However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing `Path.stat()` and `Path.open()` to send the file.

### Impact
Servers with static routes that contain compressed variants as symbolic links, pointing outside the root directory, or that permit users to upload or create such links, are impacted.

----

Patch: https://github.com/aio-libs/aiohttp/pull/8653/files
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42367.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42367.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42367
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57694
published_at 2026-05-14T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57627
published_at 2026-05-12T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.57599
published_at 2026-05-11T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.57651
published_at 2026-05-09T12:55:00Z
4
value 0.00352
scoring_system epss
scoring_elements 0.57588
published_at 2026-05-07T12:55:00Z
5
value 0.00352
scoring_system epss
scoring_elements 0.57543
published_at 2026-05-05T12:55:00Z
6
value 0.00352
scoring_system epss
scoring_elements 0.57586
published_at 2026-04-29T12:55:00Z
7
value 0.00352
scoring_system epss
scoring_elements 0.57607
published_at 2026-04-26T12:55:00Z
8
value 0.00352
scoring_system epss
scoring_elements 0.57587
published_at 2026-04-24T12:55:00Z
9
value 0.00352
scoring_system epss
scoring_elements 0.57629
published_at 2026-04-21T12:55:00Z
10
value 0.00352
scoring_system epss
scoring_elements 0.57655
published_at 2026-04-16T12:55:00Z
11
value 0.00352
scoring_system epss
scoring_elements 0.57625
published_at 2026-04-13T12:55:00Z
12
value 0.00352
scoring_system epss
scoring_elements 0.57597
published_at 2026-04-02T12:55:00Z
13
value 0.00352
scoring_system epss
scoring_elements 0.57618
published_at 2026-04-04T12:55:00Z
14
value 0.00352
scoring_system epss
scoring_elements 0.57593
published_at 2026-04-07T12:55:00Z
15
value 0.00352
scoring_system epss
scoring_elements 0.57646
published_at 2026-04-08T12:55:00Z
16
value 0.00352
scoring_system epss
scoring_elements 0.5765
published_at 2026-04-18T12:55:00Z
17
value 0.00352
scoring_system epss
scoring_elements 0.57665
published_at 2026-04-11T12:55:00Z
18
value 0.00352
scoring_system epss
scoring_elements 0.57645
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42367
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177
5
reference_url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674
6
reference_url https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f
7
reference_url https://github.com/aio-libs/aiohttp/pull/8653
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/pull/8653
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42367
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42367
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2304394
reference_id 2304394
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2304394
11
reference_url https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
reference_id GHSA-jwhx-xcg6-8xhj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2024-42367, GHSA-jwhx-xcg6-8xhj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ekqy-23wg-5ugu
2
url VCID-ft9z-nd6x-27dz
vulnerability_id VCID-ft9z-nd6x-27dz
summary
AIOHTTP has unicode match groups in regexes for ASCII protocol elements
### Summary

The parser allows non-ASCII decimals to be present in the Range header.

### Impact

There is no known impact, but it is possible that this parsing behaviour could be used to exploit a request smuggling vulnerability.

----

Patch: https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69225.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69225
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13725
published_at 2026-05-05T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.13843
published_at 2026-04-29T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.1391
published_at 2026-04-26T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.13936
published_at 2026-04-24T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.13905
published_at 2026-04-21T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.13833
published_at 2026-04-18T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.13839
published_at 2026-04-16T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-13T12:55:00Z
8
value 0.00045
scoring_system epss
scoring_elements 0.13985
published_at 2026-04-12T12:55:00Z
9
value 0.00045
scoring_system epss
scoring_elements 0.14022
published_at 2026-04-11T12:55:00Z
10
value 0.00045
scoring_system epss
scoring_elements 0.14072
published_at 2026-04-02T12:55:00Z
11
value 0.00045
scoring_system epss
scoring_elements 0.14067
published_at 2026-04-09T12:55:00Z
12
value 0.00045
scoring_system epss
scoring_elements 0.14014
published_at 2026-04-08T12:55:00Z
13
value 0.00045
scoring_system epss
scoring_elements 0.13932
published_at 2026-04-07T12:55:00Z
14
value 0.00045
scoring_system epss
scoring_elements 0.14126
published_at 2026-04-04T12:55:00Z
15
value 0.00056
scoring_system epss
scoring_elements 0.17353
published_at 2026-05-14T12:55:00Z
16
value 0.00056
scoring_system epss
scoring_elements 0.17169
published_at 2026-05-07T12:55:00Z
17
value 0.00056
scoring_system epss
scoring_elements 0.17262
published_at 2026-05-09T12:55:00Z
18
value 0.00056
scoring_system epss
scoring_elements 0.17231
published_at 2026-05-11T12:55:00Z
19
value 0.00056
scoring_system epss
scoring_elements 0.1727
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69225
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69225
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/
url https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:19Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69225
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69225
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427253
reference_id 2427253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427253
9
reference_url https://github.com/advisories/GHSA-mqqc-3gqh-h2x8
reference_id GHSA-mqqc-3gqh-h2x8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqqc-3gqh-h2x8
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
2
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69225, GHSA-mqqc-3gqh-h2x8
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ft9z-nd6x-27dz
3
url VCID-jxqg-x9dh-z3hb
vulnerability_id VCID-jxqg-x9dh-z3hb
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in the allowable character sets; input outside those sets must trigger error handling so that frame boundaries robustly match those of proxies, in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with the processing of other malformed input. Being more lenient than internet standards require could, depending on the deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23829
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.64834
published_at 2026-04-24T12:55:00Z
1
value 0.00475
scoring_system epss
scoring_elements 0.64816
published_at 2026-04-21T12:55:00Z
2
value 0.00475
scoring_system epss
scoring_elements 0.64961
published_at 2026-05-14T12:55:00Z
3
value 0.00475
scoring_system epss
scoring_elements 0.64905
published_at 2026-05-12T12:55:00Z
4
value 0.00475
scoring_system epss
scoring_elements 0.64884
published_at 2026-05-11T12:55:00Z
5
value 0.00475
scoring_system epss
scoring_elements 0.64915
published_at 2026-05-09T12:55:00Z
6
value 0.00475
scoring_system epss
scoring_elements 0.64871
published_at 2026-05-07T12:55:00Z
7
value 0.00475
scoring_system epss
scoring_elements 0.64823
published_at 2026-05-05T12:55:00Z
8
value 0.00475
scoring_system epss
scoring_elements 0.64847
published_at 2026-04-26T12:55:00Z
9
value 0.00475
scoring_system epss
scoring_elements 0.64843
published_at 2026-04-29T12:55:00Z
10
value 0.00515
scoring_system epss
scoring_elements 0.66624
published_at 2026-04-13T12:55:00Z
11
value 0.00515
scoring_system epss
scoring_elements 0.6659
published_at 2026-04-02T12:55:00Z
12
value 0.00515
scoring_system epss
scoring_elements 0.66657
published_at 2026-04-12T12:55:00Z
13
value 0.00515
scoring_system epss
scoring_elements 0.66617
published_at 2026-04-04T12:55:00Z
14
value 0.00515
scoring_system epss
scoring_elements 0.66588
published_at 2026-04-07T12:55:00Z
15
value 0.00515
scoring_system epss
scoring_elements 0.66636
published_at 2026-04-08T12:55:00Z
16
value 0.00515
scoring_system epss
scoring_elements 0.6665
published_at 2026-04-09T12:55:00Z
17
value 0.00515
scoring_system epss
scoring_elements 0.66669
published_at 2026-04-11T12:55:00Z
18
value 0.00515
scoring_system epss
scoring_elements 0.66674
published_at 2026-04-18T12:55:00Z
19
value 0.00515
scoring_system epss
scoring_elements 0.6666
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23829
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
6
reference_url https://github.com/aio-libs/aiohttp/pull/3235
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/3235
7
reference_url https://github.com/aio-libs/aiohttp/pull/8074
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/pull/8074
8
reference_url https://github.com/aio-libs/aiohttp/pull/8074/files
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8074/files
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
10
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml
12
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23829
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23829
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
reference_id 1062708
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261909
reference_id 2261909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261909
19
reference_url https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
reference_id GHSA-8qpw-xqxj-h4r2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
reference_id ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
21
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
22
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2024-23829, GHSA-8qpw-xqxj-h4r2, PYSEC-2024-26
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxqg-x9dh-z3hb
4
url VCID-peyu-fxyx-ayde
vulnerability_id VCID-peyu-fxyx-ayde
summary
AIOHTTP vulnerable to DoS through chunked messages
### Summary

Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks.

### Impact

If an application makes use of the `request.read()` method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
Patch: https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69229.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69229
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.1599
published_at 2026-05-05T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16113
published_at 2026-04-29T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16152
published_at 2026-04-26T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16154
published_at 2026-04-24T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16261
published_at 2026-04-21T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.16223
published_at 2026-04-18T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16204
published_at 2026-04-16T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16268
published_at 2026-04-13T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16336
published_at 2026-04-12T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16375
published_at 2026-04-11T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16392
published_at 2026-04-09T12:55:00Z
11
value 0.00052
scoring_system epss
scoring_elements 0.16328
published_at 2026-04-08T12:55:00Z
12
value 0.00052
scoring_system epss
scoring_elements 0.16391
published_at 2026-04-02T12:55:00Z
13
value 0.00052
scoring_system epss
scoring_elements 0.16454
published_at 2026-04-04T12:55:00Z
14
value 0.00052
scoring_system epss
scoring_elements 0.16243
published_at 2026-04-07T12:55:00Z
15
value 0.00067
scoring_system epss
scoring_elements 0.20693
published_at 2026-05-14T12:55:00Z
16
value 0.00067
scoring_system epss
scoring_elements 0.20533
published_at 2026-05-07T12:55:00Z
17
value 0.00067
scoring_system epss
scoring_elements 0.20621
published_at 2026-05-09T12:55:00Z
18
value 0.00067
scoring_system epss
scoring_elements 0.20597
published_at 2026-05-11T12:55:00Z
19
value 0.00067
scoring_system epss
scoring_elements 0.20612
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69229
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69229
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
6
reference_url https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:45Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69229
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69229
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427257
reference_id 2427257
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427257
10
reference_url https://github.com/advisories/GHSA-g84x-mcqj-x9qq
reference_id GHSA-g84x-mcqj-x9qq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g84x-mcqj-x9qq
11
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
2
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69229, GHSA-g84x-mcqj-x9qq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-peyu-fxyx-ayde
5
url VCID-qrus-4szm-c3bj
vulnerability_id VCID-qrus-4szm-c3bj
summary
AIOHTTP's unicode processing of header values could cause parsing discrepancies
### Summary
The Python HTTP parser may allow a request smuggling attack when header values contain non-ASCII characters.

### Impact
If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.

------

Patch: https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69224
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13027
published_at 2026-05-05T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13124
published_at 2026-04-29T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13228
published_at 2026-04-26T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13256
published_at 2026-04-24T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13251
published_at 2026-04-21T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13164
published_at 2026-04-18T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13165
published_at 2026-04-16T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13259
published_at 2026-04-13T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13308
published_at 2026-04-12T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13346
published_at 2026-04-11T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13383
published_at 2026-04-02T12:55:00Z
11
value 0.00043
scoring_system epss
scoring_elements 0.13376
published_at 2026-04-09T12:55:00Z
12
value 0.00043
scoring_system epss
scoring_elements 0.13325
published_at 2026-04-08T12:55:00Z
13
value 0.00043
scoring_system epss
scoring_elements 0.13447
published_at 2026-04-04T12:55:00Z
14
value 0.00043
scoring_system epss
scoring_elements 0.13243
published_at 2026-04-07T12:55:00Z
15
value 0.00053
scoring_system epss
scoring_elements 0.16569
published_at 2026-05-14T12:55:00Z
16
value 0.00053
scoring_system epss
scoring_elements 0.16392
published_at 2026-05-07T12:55:00Z
17
value 0.00053
scoring_system epss
scoring_elements 0.16498
published_at 2026-05-09T12:55:00Z
18
value 0.00053
scoring_system epss
scoring_elements 0.16463
published_at 2026-05-11T12:55:00Z
19
value 0.00053
scoring_system epss
scoring_elements 0.16497
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69224
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69224
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/
url https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:43Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69224
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69224
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427246
reference_id 2427246
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427246
9
reference_url https://github.com/advisories/GHSA-69f9-5gxw-wvc2
reference_id GHSA-69f9-5gxw-wvc2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-69f9-5gxw-wvc2
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
2
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69224, GHSA-69f9-5gxw-wvc2
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrus-4szm-c3bj
6
url VCID-sjws-ddnq-fke2
vulnerability_id VCID-sjws-ddnq-fke2
summary
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
### Summary
A zip bomb can be used to execute a DoS against the aiohttp server.

### Impact
An attacker may be able to send a compressed request that, when decompressed by aiohttp, could exhaust the host's memory.

------

Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69223
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1932
published_at 2026-05-05T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
15
value 0.00082
scoring_system epss
scoring_elements 0.23842
published_at 2026-05-14T12:55:00Z
16
value 0.00082
scoring_system epss
scoring_elements 0.23714
published_at 2026-05-07T12:55:00Z
17
value 0.00082
scoring_system epss
scoring_elements 0.23784
published_at 2026-05-09T12:55:00Z
18
value 0.00082
scoring_system epss
scoring_elements 0.23729
published_at 2026-05-11T12:55:00Z
19
value 0.00082
scoring_system epss
scoring_elements 0.23748
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69223
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/
url https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:26:17Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69223
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69223
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427456
reference_id 2427456
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427456
9
reference_url https://github.com/advisories/GHSA-6mq8-rvhq-8wgg
reference_id GHSA-6mq8-rvhq-8wgg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mq8-rvhq-8wgg
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
12
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
13
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
14
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
15
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
16
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
17
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
18
reference_url https://access.redhat.com/errata/RHSA-2026:2695
reference_id RHSA-2026:2695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2695
19
reference_url https://access.redhat.com/errata/RHSA-2026:3461
reference_id RHSA-2026:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3461
20
reference_url https://access.redhat.com/errata/RHSA-2026:3462
reference_id RHSA-2026:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3462
21
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
22
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
23
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
24
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
25
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
26
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
27
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
28
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
29
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
2
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69223, GHSA-6mq8-rvhq-8wgg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjws-ddnq-fke2
7
url VCID-t9gx-etxx-vkgb
vulnerability_id VCID-t9gx-etxx-vkgb
summary
AIOHTTP vulnerable to DoS when bypassing asserts
### Summary
When assert statements are bypassed (Python strips them when optimisations are enabled), an infinite loop can occur while processing a POST body, resulting in a DoS.

### Impact
If optimisations are enabled (`-O` or `PYTHONOPTIMIZE=1`), and the application includes a handler that uses the `Request.post()` method, then an attacker may be able to execute a DoS attack with a specially crafted message.

------

Patch: https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69227.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69227
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1932
published_at 2026-05-05T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1943
published_at 2026-04-29T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19467
published_at 2026-04-26T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19479
published_at 2026-04-24T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19584
published_at 2026-04-21T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19572
published_at 2026-04-18T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19565
published_at 2026-04-16T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19587
published_at 2026-04-13T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19646
published_at 2026-04-12T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19695
published_at 2026-04-11T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19782
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19689
published_at 2026-04-09T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19637
published_at 2026-04-08T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19557
published_at 2026-04-07T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19835
published_at 2026-04-04T12:55:00Z
15
value 0.00082
scoring_system epss
scoring_elements 0.23842
published_at 2026-05-14T12:55:00Z
16
value 0.00082
scoring_system epss
scoring_elements 0.23714
published_at 2026-05-07T12:55:00Z
17
value 0.00082
scoring_system epss
scoring_elements 0.23784
published_at 2026-05-09T12:55:00Z
18
value 0.00082
scoring_system epss
scoring_elements 0.23729
published_at 2026-05-11T12:55:00Z
19
value 0.00082
scoring_system epss
scoring_elements 0.23748
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69227
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/
url https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:12Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69227
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69227
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427256
reference_id 2427256
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427256
9
reference_url https://github.com/advisories/GHSA-jj3x-wxrx-4x23
reference_id GHSA-jj3x-wxrx-4x23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jj3x-wxrx-4x23
10
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
11
reference_url https://access.redhat.com/errata/RHSA-2026:13545
reference_id RHSA-2026:13545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13545
12
reference_url https://access.redhat.com/errata/RHSA-2026:13553
reference_id RHSA-2026:13553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13553
13
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
14
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
15
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
16
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
17
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
2
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69227, GHSA-jj3x-wxrx-4x23
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9gx-etxx-vkgb
8
url VCID-tn28-662n-vug8
vulnerability_id VCID-tn28-662n-vug8
summary
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
### Summary

An XSS vulnerability exists on the index pages generated for static file handling.

### Details

When using `web.static(..., show_index=True)`, the resulting index pages do not escape file names.

If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks.

### Workaround

We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected.

Other users can disable `show_index` if unable to upgrade.

-----

Patch: https://github.com/aio-libs/aiohttp/pull/8319/files
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27306
reference_id
reference_type
scores
0
value 0.00593
scoring_system epss
scoring_elements 0.69288
published_at 2026-04-21T12:55:00Z
1
value 0.00593
scoring_system epss
scoring_elements 0.6934
published_at 2026-04-24T12:55:00Z
2
value 0.0069
scoring_system epss
scoring_elements 0.7187
published_at 2026-05-11T12:55:00Z
3
value 0.0069
scoring_system epss
scoring_elements 0.71906
published_at 2026-05-09T12:55:00Z
4
value 0.0069
scoring_system epss
scoring_elements 0.71957
published_at 2026-05-14T12:55:00Z
5
value 0.0069
scoring_system epss
scoring_elements 0.71899
published_at 2026-05-12T12:55:00Z
6
value 0.00709
scoring_system epss
scoring_elements 0.72284
published_at 2026-04-29T12:55:00Z
7
value 0.00709
scoring_system epss
scoring_elements 0.72288
published_at 2026-04-26T12:55:00Z
8
value 0.00709
scoring_system epss
scoring_elements 0.72302
published_at 2026-05-07T12:55:00Z
9
value 0.00709
scoring_system epss
scoring_elements 0.72274
published_at 2026-05-05T12:55:00Z
10
value 0.00749
scoring_system epss
scoring_elements 0.73167
published_at 2026-04-18T12:55:00Z
11
value 0.00749
scoring_system epss
scoring_elements 0.73158
published_at 2026-04-16T12:55:00Z
12
value 0.00749
scoring_system epss
scoring_elements 0.73115
published_at 2026-04-13T12:55:00Z
13
value 0.00749
scoring_system epss
scoring_elements 0.73121
published_at 2026-04-12T12:55:00Z
14
value 0.00749
scoring_system epss
scoring_elements 0.73141
published_at 2026-04-11T12:55:00Z
15
value 0.00749
scoring_system epss
scoring_elements 0.73117
published_at 2026-04-09T12:55:00Z
16
value 0.00749
scoring_system epss
scoring_elements 0.73103
published_at 2026-04-08T12:55:00Z
17
value 0.00749
scoring_system epss
scoring_elements 0.73066
published_at 2026-04-07T12:55:00Z
18
value 0.00749
scoring_system epss
scoring_elements 0.73092
published_at 2026-04-04T12:55:00Z
19
value 0.00749
scoring_system epss
scoring_elements 0.73072
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27306
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
6
reference_url https://github.com/aio-libs/aiohttp/pull/8319
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/pull/8319
7
reference_url https://github.com/aio-libs/aiohttp/pull/8319/files
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8319/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27306
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27306
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
reference_id 1070665
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2275989
reference_id 2275989
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2275989
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/
reference_id 2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/
17
reference_url https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
reference_id GHSA-7gpw-8wmc-pm8g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/
reference_id NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/
19
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
20
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
21
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
22
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/
reference_id ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2024-27306, GHSA-7gpw-8wmc-pm8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn28-662n-vug8
9
url VCID-ttq3-65ny-skdg
vulnerability_id VCID-ttq3-65ny-skdg
summary
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
### Impact

aiohttp v3.8.4 and earlier are [bundled with llhttp v6.0.6](https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules), which is vulnerable to CVE-2023-30589. aiohttp uses this code for its HTTP request parser whenever it is available, which is the default case when installing from a wheel.

This vulnerability only affects users of aiohttp as an HTTP server (i.e. `aiohttp.web.Application`). You are not affected by this vulnerability if you are using aiohttp only as an HTTP client library (i.e. `aiohttp.ClientSession`).

### Reproducer

```python
from aiohttp import web

# Minimal handler: replies with the headers and body as the server parsed them,
# so any difference from what was sent on the wire shows up in the response.
async def example(request: web.Request):
    # Copy the parsed request headers into a plain dict for printing.
    headers = dict(request.headers)
    # Read the request body from the payload stream.
    body = await request.content.read()
    return web.Response(text=f"headers: {headers} body: {body}")

app = web.Application()
# Route POST / to the echo handler above.
app.add_routes([web.post('/', example)])
# Start the server; the console example that follows connects to localhost:8080.
web.run_app(app)
```

Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling.

```console
$ printf "POST / HTTP/1.1\r\nHost: localhost:8080\r\nX-Abc: \rxTransfer-Encoding: chunked\r\n\r\n1\r\nA\r\n0\r\n\r\n" \
  | nc localhost 8080

Expected output:
  headers: {'Host': 'localhost:8080', 'X-Abc': '\rxTransfer-Encoding: chunked'} body: b''

Actual output (note that 'Transfer-Encoding: chunked' is an HTTP header now and body is treated differently)
  headers: {'Host': 'localhost:8080', 'X-Abc': '', 'Transfer-Encoding': 'chunked'} body: b'A'
```

### Patches

Upgrade to the latest version of aiohttp to resolve this vulnerability. It has been fixed in v3.8.5: [`pip install "aiohttp>=3.8.5"`](https://pypi.org/project/aiohttp/3.8.5/) (the version specifier is quoted so that the shell does not treat `>` as an output redirection).

### Workarounds

If you aren't able to upgrade you can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable to request smuggling:

```console
$ python -m pip uninstall --yes aiohttp
$ AIOHTTP_NO_EXTENSIONS=1 python -m pip install --no-binary=aiohttp --no-cache aiohttp
```

### References

* https://nvd.nist.gov/vuln/detail/CVE-2023-30589
* https://hackerone.com/reports/2001873
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37276.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37276.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37276
reference_id
reference_type
scores
0
value 0.05775
scoring_system epss
scoring_elements 0.90497
published_at 2026-04-21T12:55:00Z
1
value 0.05775
scoring_system epss
scoring_elements 0.9048
published_at 2026-04-09T12:55:00Z
2
value 0.05775
scoring_system epss
scoring_elements 0.90474
published_at 2026-04-08T12:55:00Z
3
value 0.05775
scoring_system epss
scoring_elements 0.90462
published_at 2026-04-07T12:55:00Z
4
value 0.05775
scoring_system epss
scoring_elements 0.90456
published_at 2026-04-04T12:55:00Z
5
value 0.05775
scoring_system epss
scoring_elements 0.90444
published_at 2026-04-02T12:55:00Z
6
value 0.05775
scoring_system epss
scoring_elements 0.90566
published_at 2026-05-14T12:55:00Z
7
value 0.05775
scoring_system epss
scoring_elements 0.90552
published_at 2026-05-12T12:55:00Z
8
value 0.05775
scoring_system epss
scoring_elements 0.90543
published_at 2026-05-11T12:55:00Z
9
value 0.05775
scoring_system epss
scoring_elements 0.90545
published_at 2026-05-09T12:55:00Z
10
value 0.05775
scoring_system epss
scoring_elements 0.90534
published_at 2026-05-07T12:55:00Z
11
value 0.05775
scoring_system epss
scoring_elements 0.90516
published_at 2026-05-05T12:55:00Z
12
value 0.05775
scoring_system epss
scoring_elements 0.90506
published_at 2026-04-29T12:55:00Z
13
value 0.05775
scoring_system epss
scoring_elements 0.90509
published_at 2026-04-26T12:55:00Z
14
value 0.05775
scoring_system epss
scoring_elements 0.90498
published_at 2026-04-18T12:55:00Z
15
value 0.05775
scoring_system epss
scoring_elements 0.90481
published_at 2026-04-13T12:55:00Z
16
value 0.05775
scoring_system epss
scoring_elements 0.90487
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37276
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/
url https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules
5
reference_url https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/
url https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40
6
reference_url https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-120.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-120.yaml
9
reference_url https://hackerone.com/reports/2001873
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-18T16:05:51Z/
url https://hackerone.com/reports/2001873
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37276
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37276
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2224185
reference_id 2224185
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2224185
12
reference_url https://github.com/advisories/GHSA-45c4-8wx5-qw6w
reference_id GHSA-45c4-8wx5-qw6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45c4-8wx5-qw6w
13
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
aliases CVE-2023-37276, GHSA-45c4-8wx5-qw6w, PYSEC-2023-120
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttq3-65ny-skdg
10
url VCID-vqvz-jfqh-jkaz
vulnerability_id VCID-vqvz-jfqh-jkaz
summary
AIOHTTP vulnerable to brute-force leak of internal static file path components
### Summary
Path normalization for static files prevents path traversal, but it also lets an attacker ascertain the existence of absolute path components.

### Impact
If an application uses `web.static()` (not recommended for production deployments), an attacker may be able to ascertain whether particular path components exist.

------

Patch: https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69226.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69226
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19458
published_at 2026-05-05T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19575
published_at 2026-04-29T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19611
published_at 2026-04-26T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19625
published_at 2026-04-24T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.1973
published_at 2026-04-21T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19718
published_at 2026-04-18T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19716
published_at 2026-04-16T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19741
published_at 2026-04-13T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19798
published_at 2026-04-12T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19843
published_at 2026-04-11T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19927
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.1984
published_at 2026-04-09T12:55:00Z
12
value 0.00063
scoring_system epss
scoring_elements 0.19788
published_at 2026-04-08T12:55:00Z
13
value 0.00063
scoring_system epss
scoring_elements 0.19982
published_at 2026-04-04T12:55:00Z
14
value 0.00063
scoring_system epss
scoring_elements 0.19708
published_at 2026-04-07T12:55:00Z
15
value 0.0007
scoring_system epss
scoring_elements 0.21413
published_at 2026-05-14T12:55:00Z
16
value 0.0007
scoring_system epss
scoring_elements 0.2125
published_at 2026-05-07T12:55:00Z
17
value 0.0007
scoring_system epss
scoring_elements 0.21339
published_at 2026-05-09T12:55:00Z
18
value 0.0007
scoring_system epss
scoring_elements 0.21315
published_at 2026-05-11T12:55:00Z
19
value 0.0007
scoring_system epss
scoring_elements 0.21336
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69226
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69226
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/
url https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:25:35Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69226
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69226
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427245
reference_id 2427245
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427245
9
reference_url https://github.com/advisories/GHSA-54jq-c3m8-4m76
reference_id GHSA-54jq-c3m8-4m76
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54jq-c3m8-4m76
10
reference_url https://usn.ubuntu.com/8032-1/
reference_id USN-8032-1
reference_type
scores
url https://usn.ubuntu.com/8032-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
1
url pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
purl pkg:deb/debian/python-aiohttp@3.11.16-1%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%252Bdeb13u1
2
url pkg:deb/debian/python-aiohttp@3.13.3-3
purl pkg:deb/debian/python-aiohttp@3.13.3-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3
aliases CVE-2025-69226, GHSA-54jq-c3m8-4m76
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqvz-jfqh-jkaz
Risk_score 4.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1