aiohttp vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-54274Mediumaiohttp: aiohttp: Incomplete websocket frame payloads bypass memory limitsCVE-2026-54275Lowaiohttp: aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS ConnectionsCVE-2026-54280Lowaiohttp: aiohttp: Payload Response Resources Are Not Closed After Mid-Body DisconnectCVE-2026-54273Mediumaiohttp: aiohttp: HTTP/1 Pipelined Requests Queue Without LimitCVE-2026-54278Mediumaiohttp: aiohttp: Unread Compressed Request Bodies Bypass client_max_size During CleanupCVE-2026-54277Mediumaiohttp: aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented LinesCVE-2026-54276Mediumaiohttp: aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect ChallengesCVE-2026-54279Lowaiohttp: aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar PersistenceCVE-2026-50269Lowaiohttp: aiohttp: CRLF injection in multipart headersCVE-2026-47265Mediumaiohttp: AIOHTTP is vulnerable to cross-origin redirect with per-request cookiesCVE-2026-34993Mediumaiohttp: AIOHTTP is Vulnerable to Deserialization of Untrusted DataCVE-2026-34525Mediumaiohttp: AIOHTTP accepts duplicate Host headersCVE-2026-34520Lowaiohttp: AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values -…CVE-2026-34519Lowaiohttp: AIOHTTP has HTTP response splitting via \r in reason phraseCVE-2026-34518Lowaiohttp: AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirectCVE-2026-34517Lowaiohttp: AIOHTTP has late size enforcement for non-file multipart fields causes memory DoSCVE-2026-34516Mediumaiohttp: AIOHTTP has a Multipart Header Size BypassCVE-2026-34515Mediumaiohttp: AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on…CVE-2026-34514Lowaiohttp: AIOHTTP has CRLF injection through multipart part content type header constructionCVE-2026-34513Lowaiohttp: AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnectorCVE-2026-22815Mediumaiohttp: aiohttp allows unlimited trailer headers, leading to possible uncapped memory usageCVE-2025-69230Lowaiohttp: AIOHTTP Vulnerable to Cookie Parser Warning StormCVE-2025-69229Mediumaiohttp: AIOHTTP vulnerable to DoS through chunked messagesCVE-2025-69228Mediumaiohttp: AIOHTTP vulnerable to denial of service through large payloadsCVE-2025-69227Mediumaiohttp: AIOHTTP vulnerable to DoS when bypassing asserts

Stop the waste.
Protect your environment with Kodem.