aiohttp

33 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-34525
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers wer
5.3 MEDIUM
CVE-2026-34520
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default
9.1 CRITICAL
CVE-2026-34519
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls
5.3 MEDIUM
CVE-2026-34518
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects
5.3 MEDIUM
CVE-2026-34517
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form f
5.3 MEDIUM
CVE-2026-34516
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excess
7.5 HIGH
CVE-2026-34515
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static res
7.5 HIGH
CVE-2026-34514
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls
5.3 MEDIUM
CVE-2026-34513
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache co
7.5 HIGH
CVE-2026-22815
< 3.13.4
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions
7.5 HIGH
CVE-2025-69230
< 3.13.3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple inv
5.3 MEDIUM
CVE-2025-69229
< 3.13.3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked
5.3 MEDIUM
CVE-2025-69228
< 3.13.3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be cr
7.5 HIGH
CVE-2025-69227
< 3.13.3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite lo
7.5 HIGH
CVE-2025-69225
< 3.13.3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic whi
5.3 MEDIUM
CVE-2025-69226
< 3.13.3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to as
5.3 MEDIUM
CVE-2025-69224
< 3.13.3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parse
6.5 MEDIUM
CVE-2025-69223
< 3.13.3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be u
7.5 HIGH
CVE-2025-53643
< 3.12.14
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vul
7.5 HIGH
CVE-2024-52304
< 3.10.11
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses
7.5 HIGH
CVE-2024-52303
>= 3.10.6 and < 3.10.11
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10
7.5 HIGH
CVE-2024-42367
>= 3.10.0 and < 3.10.2
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.
4.8 MEDIUM
CVE-2024-30251
< 3.9.4
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specia
7.5 HIGH
CVE-2024-27306
< 3.9.4
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for stat
6.1 MEDIUM
CVE-2024-23829
< 3.9.2
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser
6.5 MEDIUM
CVE-2024-23334
>= 1.0.5 and < 3.9.2
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring
5.9 MEDIUM
CVE-2023-49081
< 3.9.0
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attack
7.2 HIGH
CVE-2023-49082
< 3.9.0
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attac
5.3 MEDIUM
CVE-2023-47641
< 3.8.0
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulne
3.4 LOW
CVE-2023-47627
< 3.8.6
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems w
5.3 MEDIUM
CVE-2023-37276
<= 3.8.4
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp
5.3 MEDIUM
CVE-2022-33124
all versions
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple thi
5.5 MEDIUM
CVE-2021-21330
< 3.7.4
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open r
3.1 LOW
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin