Aiohttp
This hub aggregates every CVE we track for Aiohttp, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
45
CVEs tracked
1
Critical
22
High
0
In CISA KEV
Severity distribution
HIGH22MEDIUM20LOW2CRITICAL1
Monthly trend
2
0
0
2
0
0
0
0
0
0
0
1
0
0
0
0
0
8
0
0
10
0
11
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Aiohttp.
- CVE-2026-54273AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit7.5
- CVE-2026-54280AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect7.5
- CVE-2026-54278AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup7.5
- CVE-2026-54277AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines7.5
- CVE-2026-54276AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges6.1
- CVE-2026-54275AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections7.5
- CVE-2026-54274AIOHTTP: Incomplete websocket frame payloads bypass memory limits7.5
- CVE-2026-54279AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence7.5
- CVE-2026-50269AIOHTTP: CRLF injection in multipart headers7.5
- CVE-2026-47265AIOHTTP vulnerable to cross-origin redirect with per-request cookies7.5
- CVE-2026-34993AIOHTTP Vulnerable to Deserialization of Untrusted Data6.4
- CVE-2026-34525AIOHTTP: Duplicate Host header accepted5.3
- CVE-2026-34520AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass9.1
- CVE-2026-34519AIOHTTP: HTTP response splitting via \r in reason phrase5.3
- CVE-2026-34518AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect5.3
Product normalization is registry-driven with AI assist and human review. How it works