Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/python-aiohttp@3.14.0-1
purl pkg:deb/debian/python-aiohttp@3.14.0-1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-kc4y-3rrv-77h4 python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects CVE-2026-47265
GHSA-hg6j-4rv6-33pg
VCID-qs2p-udan-p3an AIOHTTP is Vulnerable to Deserialization of Untrusted Data ### Summary Using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. ### Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. ### Workaround If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitise the files before loading. ----- Patch: https://github.com/aio-libs/aiohttp/commit/dcf40f30637e8752c76781cf6703b5a236749a00 CVE-2026-34993
GHSA-jg22-mg44-37j8

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T18:51:03.822661+00:00 Debian Importer Fixing VCID-kc4y-3rrv-77h4 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-06-05T18:44:40.571424+00:00 Debian Importer Fixing VCID-qs2p-udan-p3an https://security-tracker.debian.org/tracker/data/json 38.6.0