HIGH 7.5 PyPI
GHSA-27mf-ghqm-j3j8 · CVE-2024-52303 aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
수정: 2026. 2. 4.
package
PyPI / aiohttp
pkg:pypi/aiohttp
LOW PyPI
GHSA-2fqr-mr3j-6wp8 · CVE-2026-54279 aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
수정: 2026. 6. 15.
LOW PyPI
GHSA-2vrm-gr82-f7m5 · CVE-2026-34514 AIOHTTP has CRLF injection through multipart part content type header construction
수정: 2026. 4. 6.
LOW PyPI
GHSA-3wq7-rqq7-wx6j · CVE-2026-34517 AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
수정: 2026. 4. 2.
MEDIUM 5.3 PyPI
GHSA-45c4-8wx5-qw6w · CVE-2023-37276, PYSEC-2023-120 aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
수정: 2024. 9. 3.
MEDIUM PyPI
GHSA-4fvr-rgm6-gqmc · CVE-2026-54273 aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
수정: 2026. 6. 15.
LOW PyPI
GHSA-4m7w-qmgq-4wj5 · CVE-2026-54275 aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
수정: 2026. 6. 15.
LOW PyPI
GHSA-54jq-c3m8-4m76 · CVE-2025-69226 AIOHTTP vulnerable to brute-force leak of internal static file path components
수정: 2026. 2. 4.
MEDIUM 5.9 PyPI
GHSA-5h86-8mv2-jq9f · CVE-2024-23334, PYSEC-2024-24 aiohttp is vulnerable to directory traversal
수정: 2026. 2. 4.
HIGH 7.5 PyPI
GHSA-5m98-qgg9-wh84 · CVE-2024-30251 aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
수정: 2026. 2. 4.
CRITICAL 9.1 PyPI
GHSA-63hf-3vf5-4wqf · CVE-2026-34520 AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
수정: 2026. 4. 6.
MEDIUM PyPI
GHSA-63hw-fmq6-xxg2 · CVE-2026-54277 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
수정: 2026. 6. 15.
LOW PyPI
GHSA-69f9-5gxw-wvc2 · CVE-2025-69224 AIOHTTP's unicode processing of header values could cause parsing discrepancies
수정: 2026. 2. 4.
MEDIUM PyPI
GHSA-6jhg-hg63-jvvf · CVE-2025-69228 AIOHTTP vulnerable to denial of service through large payloads
수정: 2026. 2. 4.
HIGH 7.5 PyPI
GHSA-6mq8-rvhq-8wgg · CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
수정: 2026. 2. 4.
MEDIUM 6.1 PyPI
GHSA-7gpw-8wmc-pm8g · CVE-2024-27306 aiohttp Cross-site Scripting vulnerability on index pages for static file handling
수정: 2026. 2. 4.
MEDIUM PyPI
GHSA-8495-4g3g-x7pr · CVE-2024-52304 aiohttp allows request smuggling due to incorrect parsing of chunk extensions
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-8qpw-xqxj-h4r2 · CVE-2024-23829, PYSEC-2024-26 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
수정: 2026. 2. 4.
LOW PyPI
GHSA-9548-qrrj-x5pj · CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
수정: 2026. 2. 4.
MEDIUM 5.3 PyPI
GHSA-966j-vmvw-g2g9 · CVE-2026-34518 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
수정: 2026. 5. 5.
LOW PyPI
GHSA-9x8q-7h8h-wcw9 · CVE-2026-54280 aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect
수정: 2026. 6. 15.
MEDIUM PyPI
GHSA-c427-h43c-vf67 · CVE-2026-34525 AIOHTTP accepts duplicate Host headers
수정: 2026. 4. 2.
LOW PyPI
GHSA-fh55-r93g-j68g · CVE-2025-69230 AIOHTTP Vulnerable to Cookie Parser Warning Storm
수정: 2026. 2. 4.
MEDIUM PyPI
GHSA-g3cq-j2xw-wf74 · CVE-2026-54278 aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup
수정: 2026. 6. 15.
MEDIUM PyPI
GHSA-g84x-mcqj-x9qq · CVE-2025-69229 AIOHTTP vulnerable to DoS through chunked messages
수정: 2026. 2. 4.
MEDIUM 5.3 PyPI
GHSA-gfw2-4jvh-wgfg · CVE-2023-47627, PYSEC-2023-246 AIOHTTP has problems in HTTP parser (the python one, not llhttp)
수정: 2026. 2. 4.
LOW PyPI
GHSA-hcc4-c3v8-rx92 · CVE-2026-34513 AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
수정: 2026. 4. 6.
MEDIUM PyPI
GHSA-hg6j-4rv6-33pg · CVE-2026-47265 AIOHTTP is vulnerable to cross-origin redirect with per-request cookies
수정: 2026. 6. 4.
MEDIUM PyPI
GHSA-hpj7-wq8m-9hgp · CVE-2026-54276 aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges
수정: 2026. 6. 15.
MEDIUM 6.4 PyPI
GHSA-jg22-mg44-37j8 · CVE-2026-34993 AIOHTTP is Vulnerable to Deserialization of Untrusted Data
수정: 2026. 6. 4.
MEDIUM PyPI
GHSA-jj3x-wxrx-4x23 · CVE-2025-69227 AIOHTTP vulnerable to DoS when bypassing asserts
수정: 2026. 2. 4.
MEDIUM 4.8 PyPI
GHSA-jwhx-xcg6-8xhj · CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
수정: 2026. 2. 4.
HIGH 7.5 PyPI
GHSA-m5qp-6w8w-w647 · CVE-2026-34516 AIOHTTP has a Multipart Header Size Bypass
수정: 2026. 4. 6.
LOW PyPI
GHSA-m6qw-4cw2-hm4m · CVE-2026-50269 aiohttp: CRLF injection in multipart headers
수정: 2026. 6. 15.
LOW PyPI
GHSA-mqqc-3gqh-h2x8 · CVE-2025-69225 AIOHTTP has unicode match groups in regexes for ASCII protocol elements
수정: 2026. 2. 4.
LOW PyPI
GHSA-mwh4-6h8g-pg8w · CVE-2026-34519 AIOHTTP has HTTP response splitting via \r in reason phrase
수정: 2026. 4. 2.
MEDIUM PyPI
GHSA-p998-jp59-783m · CVE-2026-34515 AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
수정: 2026. 4. 6.
MEDIUM PyPI
GHSA-pjjw-qhg8-p2p9 aiohttp has vulnerable dependency that is vulnerable to request smuggling
수정: 2026. 2. 4.
HIGH 7.2 PyPI
GHSA-q3qx-c6g2-7pw2 · CVE-2023-49081, PYSEC-2023-250 aiohttp's ClientSession is vulnerable to CRLF injection via version
수정: 2026. 2. 4.
MEDIUM 5.3 PyPI
GHSA-qvrw-v9rv-5rjx · CVE-2023-49082, PYSEC-2023-251 aiohttp's ClientSession is vulnerable to CRLF injection via method
수정: 2026. 2. 4.
LOW 3.1 PyPI
GHSA-v6wp-4m6f-gcjg · CVE-2021-21330, PYSEC-2021-76 `aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
수정: 2026. 3. 13.
MEDIUM PyPI
GHSA-w2fm-2cpv-w7v5 · CVE-2026-22815 aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage
수정: 2026. 4. 6.
MEDIUM PyPI
GHSA-xcgm-r5h9-7989 · CVE-2026-54274 aiohttp: Incomplete websocket frame payloads bypass memory limits
수정: 2026. 6. 15.
LOW 3.4 PyPI
GHSA-xx9p-xxvh-7g8j · CVE-2023-47641, PYSEC-2023-247 Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
수정: 2025. 11. 3.
— PyPI
PYSEC-2021-76 · CVE-2021-21330, GHSA-v6wp-4m6f-gcjg 수정: 2023. 11. 8.
— PyPI
PYSEC-2023-120 · CVE-2023-37276, GHSA-45c4-8wx5-qw6w aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
수정: 2023. 11. 8.
HIGH 7.5 PyPI
PYSEC-2023-246 · CVE-2023-47627, GHSA-gfw2-4jvh-wgfg 수정: 2023. 11. 22.
MEDIUM 6.5 PyPI
PYSEC-2023-247 · CVE-2023-47641, GHSA-xx9p-xxvh-7g8j 수정: 2023. 11. 22.
MEDIUM 5.3 PyPI
PYSEC-2023-250 · CVE-2023-49081, GHSA-q3qx-c6g2-7pw2 수정: 2024. 1. 29.
MEDIUM 5.3 PyPI
PYSEC-2023-251 · CVE-2023-49082, GHSA-qvrw-v9rv-5rjx 수정: 2024. 1. 29.
HIGH 7.5 PyPI
PYSEC-2024-24 · CVE-2024-23334, GHSA-5h86-8mv2-jq9f 수정: 2024. 2. 5.
MEDIUM 6.5 PyPI
PYSEC-2024-26 · CVE-2024-23829, GHSA-8qpw-xqxj-h4r2 수정: 2024. 2. 6.