Vulnerabilities in aio-libs

47 results
CVE | Severity | Title | EPSS
CVE-2024-23334 | MEDIUM | aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal | 76.9%
CVE-2021-21330 | LOW | Open redirect vulnerability in aiohttp | 1.9%
CVE-2023-37276 | MEDIUM | aiohttp vulnerable to HTTP request smuggling | 1.4%
CVE-2024-30251 | HIGH | Denial of service when trying to parse malformed POST requests in aiohttp | 1.1%
CVE-2024-23829 | MEDIUM | aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators | 1.0%
CVE-2023-49082 | MEDIUM | aiohttp's ClientSession is vulnerable to CRLF injection via method | 0.9%
CVE-2023-49081 | HIGH | aiohttp's ClientSession is vulnerable to CRLF injection via version | 0.9%
CVE-2023-47627 | MEDIUM | Request smuggling in aiohttp | 0.9%
CVE-2023-47641 | LOW | Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp | 0.8%
CVE-2024-27306 | MEDIUM | aiohttp vulnerable to XSS on index pages for static file handling | 0.7%
CVE-2024-42367 | MEDIUM | In aiohttp, compressed files as symlinks are not protected from path traversal | 0.6%
CVE-2024-52304 | MEDIUM | aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions | 0.6%
CVE-2024-52303 | HIGH | aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method | 0.6%
CVE-2026-34520 | LOW | AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass | 0.5%
CVE-2026-22815 | MEDIUM | AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers | 0.4%
CVE-2026-34516 | MEDIUM | AIOHTTP: Multipart Header Size Bypass | 0.4%
CVE-2026-34513 | LOW | AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector | 0.4%
CVE-2026-34515 | MEDIUM | AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows | 0.4%
CVE-2025-48945 | HIGH | pycares has a Use-After-Free Vulnerability | 0.4%
CVE-2026-34517 | LOW | AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS | 0.4%