
pip/aiohttp - AIOHTTP: Duplicate Host header accepted

Risk 37
Severity 6.3

pip/aiohttp - AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass

Risk 66
Severity 2.7

pip/aiohttp - AIOHTTP: HTTP response splitting via \r in reason phrase

Risk 27
Severity 2.7

pip/aiohttp - AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect

Risk 27
Severity 2.7

pip/aiohttp - AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS

Risk 27
Severity 2.7

pip/aiohttp - AIOHTTP: Multipart Header Size Bypass

Risk 43
Severity 6.6

pip/aiohttp - AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

Risk 43
Severity 6.6

pip/aiohttp - AIOHTTP: CRLF injection in multipart part content type header construction

Risk 27
Severity 2.7

pip/aiohttp - AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector

Risk 43
Severity 2.7

pip/aiohttp - AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

Risk 43
Severity 6.9

pip/aiohttp - AIOHTTP Vulnerable to Cookie Parser Warning Storm

Risk 29
Severity 2.7

pip/aiohttp - AIOHTTP vulnerable to DoS through chunked messages

Risk 43
Severity 6.6

pip/aiohttp - AIOHTTP vulnerable to denial of service through large payloads

Risk 46
Severity 6.6

pypi/aiohttp - AIOHTTP vulnerable to DoS when bypassing asserts

Risk 46
Severity 6.6

pypi/aiohttp - AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields

Risk 29
Severity 2.7

pypi/aiohttp - AIOHTTP allows for a brute-force leak of internal static filepath components

Risk 31
Severity 6.3

pypi/aiohttp - AIOHTTP's Unicode processing of header values could cause parsing discrepancies

Risk 42
Severity 6.5

pypi/aiohttp - AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

Risk 46
Severity 7.5

pip/aiohttp - AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

Risk 43
Severity 1.7

aiohttp aiohttp - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1…

Risk 18
Severity 4

pip/aiohttp - aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions

Risk 46
Severity 7.5

pip/aiohttp - aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method

Risk 49
Severity 8.7

pip/aiohttp - In aiohttp, compressed files as symlinks are not protected from path traversal

Risk 33
Severity 4.8

CVE-2024-30251: DoS in aiohttp

pip/aiohttp - Denial of service when trying to parse malformed POST requests in aiohttp

Risk 46
Severity 7.5

Fedoraproject Fedora - aiohttp vulnerable to XSS on index pages for static file handling

Risk 40
Severity 6.1

BleepingComputer - Hackers exploit Aiohttp bug to find vulnerable networks

pip/aiohttp - aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

Risk 29
Severity 6.5
EPSS 0.07%

pip/aiohttp - aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal

Risk 65
Severity 7.5
EPSS 5.17%

pip/aiohttp - aiohttp's ClientSession is vulnerable to CRLF injection via version

Risk 46
Severity 7.2

© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203