| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-52303 | aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method | aio-libs | aiohttp | 高危 | - | 2024-11-18 20:08:15 | Deep Dive |
| CVE-2024-42367 | In aiohttp, compressed files as symlinks are not protected from path traversal | aio-libs | aiohttp | Medium | 4.8 | 2024-08-09 17:25:23 | Deep Dive |
| CVE-2024-30251 | Denial of service when trying to parse malformed POST requests in aiohttp | aio-libs | aiohttp | High | 7.5 | 2024-05-02 13:55:06 | Deep Dive |
| CVE-2024-27306 | aiohttp vulnerable to XSS on index pages for static file handling | aio-libs | aiohttp | Medium | 6.1 | 2024-04-18 14:23:25 | Deep Dive |
| CVE-2024-23334 | aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal | aio-libs | aiohttp | Medium | 5.9 | 2024-01-29 22:41:40 | Deep Dive |
| CVE-2024-23829 | aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators | aio-libs | aiohttp | Medium | 6.5 | 2024-01-29 22:41:35 | Deep Dive |
| CVE-2023-49081 | aiohttp's ClientSession is vulnerable to CRLF injection via version | aio-libs | aiohttp | High | 7.2 | 2023-11-30 06:56:26 | Deep Dive |
| CVE-2023-49082 | aiohttp's ClientSession is vulnerable to CRLF injection via method | aio-libs | aiohttp | Medium | 5.3 | 2023-11-29 20:07:29 | Deep Dive |
| CVE-2023-47627 | Request smuggling in aiohttp | aio-libs | aiohttp | Medium | 5.3 | 2023-11-14 20:48:48 | Deep Dive |
| CVE-2023-47641 | Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp | aio-libs | aiohttp | Low | 3.4 | 2023-11-14 20:44:09 | Deep Dive |
| CVE-2023-37276 | aiohttp vulnerable to HTTP request smuggling | aio-libs | aiohttp | Medium | 5.3 | 2023-07-19 19:39:19 | Deep Dive |
| CVE-2021-21330 | Open redirect vulnerability in aiohttp | aio-libs | aiohttp | Low | 3.1 | 2021-02-26 02:15:15 | Deep Dive |