GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
AIOHTTP vulnerable to DoS when bypassing asserts
Moderate
CVE-2025-69227
was published
for
aiohttp
(pip)
Jan 5, 2026
AIOHTTP vulnerable to brute-force leak of internal static file path components
Low
CVE-2025-69226
was published
for
aiohttp
(pip)
Jan 5, 2026
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
High
CVE-2025-69223
was published
for
aiohttp
(pip)
Jan 5, 2026
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Moderate
CVE-2024-52304
was published
for
aiohttp
(pip)
Nov 18, 2024
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Moderate
CVE-2024-52303
was published
for
aiohttp
(pip)
Nov 18, 2024
In aiohttp, compressed files as symlinks are not protected from path traversal
Moderate
CVE-2024-42367
was published
for
aiohttp
(pip)
Aug 9, 2024
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Moderate
CVE-2024-27306
was published
for
aiohttp
(pip)
Apr 18, 2024
ProTip!
Advisories are also available from the
GraphQL API