Aio-libs Aiohttp
34 CVEs affecting Aio-libs Aiohttp. Latest disclosed: 2026-06-02. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-47265 | High | 7.5 | 2026-06-02 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests a… |
| CVE-2025-69223 | High | 7.5 | 2026-01-05 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against… |
| CVE-2024-30251 | High | 7.5 | 2024-05-02 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/f… |
| CVE-2023-49081 | High | 7.2 | 2023-11-30 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request… |
| CVE-2024-23829 | Medium | 6.5 | 2024-01-29 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences i… |
| CVE-2026-34993 | Medium | 6.4 | 2026-06-02 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may al… |
| CVE-2024-27306 | Medium | 6.1 | 2024-04-18 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulner… |
| CVE-2024-23334 | Medium | 5.9 | 2024-01-29 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessa… |
| CVE-2023-49082 | Medium | 5.3 | 2023-11-29 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP reques… |
| CVE-2023-47627 | Medium | 5.3 | 2023-11-14 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which cou… |
| CVE-2023-37276 | Medium | 5.3 | 2023-07-19 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is u… |
| CVE-2024-42367 | Medium | 4.8 | 2024-08-09 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which con… |
| CVE-2023-47641 | Low | 3.4 | 2023-11-14 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the incons… |
| CVE-2021-21330 | Low | 3.1 | 2021-02-26 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A mali… |
| CVE-2026-34525 | | | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This is… |
| CVE-2026-34520 | | | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted… |
| CVE-2026-34519 | | | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when cre… |
| CVE-2026-34518 | | | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohtt… |
| CVE-2026-34517 | | | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entir… |
| CVE-2026-34516 | | | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart heade… |