GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
19 advisories
AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
Severity: Low. CVE-2026-34518 was published for aiohttp (pip) on Apr 1, 2026.

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
Severity: Low. CVE-2026-34517 was published for aiohttp (pip) on Apr 1, 2026.

AIOHTTP has a Multipart Header Size Bypass
Severity: Moderate. CVE-2026-34516 was published for aiohttp (pip) on Apr 1, 2026.

aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage
Severity: Moderate. CVE-2026-22815 was published for aiohttp (pip) on Apr 1, 2026.

AIOHTTP Vulnerable to Cookie Parser Warning Storm
Severity: Low. CVE-2025-69230 was published for aiohttp (pip) on Jan 5, 2026.

AIOHTTP vulnerable to DoS through chunked messages
Severity: Moderate. CVE-2025-69229 was published for aiohttp (pip) on Jan 5, 2026.

AIOHTTP vulnerable to denial of service through large payloads
Severity: Moderate. CVE-2025-69228 was published for aiohttp (pip) on Jan 5, 2026.

AIOHTTP vulnerable to DoS when bypassing asserts
Severity: Moderate. CVE-2025-69227 was published for aiohttp (pip) on Jan 5, 2026.

AIOHTTP vulnerable to brute-force leak of internal static file path components
Severity: Low. CVE-2025-69226 was published for aiohttp (pip) on Jan 5, 2026.

AIOHTTP has unicode match groups in regexes for ASCII protocol elements
Severity: Low. CVE-2025-69225 was published for aiohttp (pip) on Jan 5, 2026.

AIOHTTP's unicode processing of header values could cause parsing discrepancies
Severity: Low. CVE-2025-69224 was published for aiohttp (pip) on Jan 5, 2026.

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
Severity: Low. CVE-2025-53643 was published for aiohttp (pip) on Jul 14, 2025.

aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
Severity: High. CVE-2024-30251 was published for aiohttp (pip) on May 3, 2024.

aiohttp is vulnerable to directory traversal
Severity: High. CVE-2024-23334 was published for aiohttp (pip) on Jan 29, 2024.

aiohttp's ClientSession is vulnerable to CRLF injection via version
Severity: Moderate. CVE-2023-49081 was published for aiohttp (pip) on Nov 27, 2023.

aiohttp's ClientSession is vulnerable to CRLF injection via method
Severity: Moderate. CVE-2023-49082 was published for aiohttp (pip) on Nov 27, 2023.

aiohttp has vulnerable dependency that is vulnerable to request smuggling
Severity: Moderate. GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) on Nov 27, 2023.

AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Severity: Moderate. CVE-2023-47627 was published for aiohttp (pip) on Nov 14, 2023.

aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Severity: Moderate. CVE-2023-37276 was published for aiohttp (pip) on Jul 20, 2023.