| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34525 | AIOHTTP: Duplicate Host header accepted | aio-libs | aiohttp | 中危 | - | 2026-04-01 20:28:47 | Deep Dive |
| CVE-2026-34520 | AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass | aio-libs | aiohttp | 低危 | - | 2026-04-01 20:27:48 | Deep Dive |
| CVE-2026-34519 | AIOHTTP: HTTP response splitting via \r in reason phrase | aio-libs | aiohttp | 中危 | - | 2026-04-01 20:26:26 | Deep Dive |
| CVE-2026-34518 | AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect | aio-libs | aiohttp | 低危 | - | 2026-04-01 20:15:22 | Deep Dive |
| CVE-2026-34517 | AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS | aio-libs | aiohttp | 低危 | - | 2026-04-01 20:14:16 | Deep Dive |
| CVE-2026-34516 | AIOHTTP: Multipart Header Size Bypass | aio-libs | aiohttp | 中危 | - | 2026-04-01 20:13:05 | Deep Dive |
| CVE-2026-34515 | AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows | aio-libs | aiohttp | 中危 | - | 2026-04-01 20:10:48 | Deep Dive |
| CVE-2026-34514 | AIOHTTP: CRLF injection in multipart part content type header construction | aio-libs | aiohttp | 中危 | - | 2026-04-01 20:09:51 | Deep Dive |
| CVE-2026-22815 | AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers | aio-libs | aiohttp | 中危 | - | 2026-04-01 20:08:09 | Deep Dive |
| CVE-2026-34513 | AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector | aio-libs | aiohttp | - | - | 2026-04-01 20:06:14 | Deep Dive |
| CVE-2025-69230 | AIOHTTP Vulnerable to Cookie Parser Warning Storm | aio-libs | aiohttp | 高危 | - | 2026-01-05 23:47:39 | Deep Dive |
| CVE-2025-69229 | AIOHTTP vulnerable to DoS through chunked messages | aio-libs | aiohttp | 高危 | - | 2026-01-05 23:37:53 | Deep Dive |
| CVE-2025-69228 | AIOHTTP vulnerable to denial of service through large payloads | aio-libs | aiohttp | 高危 | - | 2026-01-05 23:30:33 | Deep Dive |
| CVE-2025-69227 | AIOHTTP vulnerable to DoS when bypassing asserts | aio-libs | aiohttp | 高危 | - | 2026-01-05 23:19:31 | Deep Dive |
| CVE-2025-69225 | AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields | aio-libs | aiohttp | 中危 | - | 2026-01-05 23:16:19 | Deep Dive |
| CVE-2025-69226 | AIOHTTP allows for a brute-force leak of internal static filepath components | aio-libs | aiohttp | 中危 | - | 2026-01-05 22:52:38 | Deep Dive |
| CVE-2025-69224 | AIOHTTP's Unicode processing of header values could cause parsing discrepancies | aio-libs | aiohttp | 中危 | - | 2026-01-05 22:35:42 | Deep Dive |
| CVE-2025-69223 | AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb | aio-libs | aiohttp | High | 7.5 | 2026-01-05 22:00:18 | Deep Dive |
| CVE-2025-53643 | AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections | aio-libs | aiohttp | 低危 | - | 2025-07-14 20:17:18 | Deep Dive |
| CVE-2024-52304 | aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions | aio-libs | aiohttp | 中危 | - | 2024-11-18 20:12:49 | Deep Dive |