218 matches found
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34518 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34518 Source advisory: OSV:GHSA-966J-VMVW-G2G9...
GHSA-966J-VMVW-G2G9 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34517 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34517 Source advisory: OSV:GHSA-3WQ7-RQQ7-WX6J...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Request.post function. An attacker can cause excessive memory allocation by sending a specially crafted multipart request containing large non-file fields. Remediation Upgrade...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34516 via aiohttp (>=3.0.0b0 <=3.13.3)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34516 Source advisory: SNYK:PYTHON-AIOHTTP-15873732...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the processing of multipart headers. An attacker can cause excessive memory consumption by sending a response with an unusually large number of multipart headers. Remediation Upgra...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34516 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34516 Source advisory: OSV:GHSA-M5QP-6W8W-W647...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34515 via aiohttp (>=3.0.0b0 <=3.13.3)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: SNYK:PYTHON-AIOHTTP-15873738...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34515 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: OSV:GHSA-P998-JP59-783M...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34514 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34514 Source advisory: OSV:GHSA-2VRM-GR82-F7M5...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34514 via aiohttp (>=3.0.0b0 <=3.13.3)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34514 Source advisory: SNYK:PYTHON-AIOHTTP-15873736...
AIOHTTP has CRLF injection through multipart part content type header construction
Summary An attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. Impact If an application allows untrusted data to be used for the multipart contenttype parameter when constructing a request, an attacker may be able to manipulate th...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34513 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34513 Source advisory: OSV:GHSA-HCC4-C3V8-RX92...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34513 via aiohttp (>=3.0.0b0 <=3.13.3)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34513 Source advisory: SNYK:PYTHON-AIOHTTP-15873737...
DEBIAN-CVE-2026-34516
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....
UBUNTU-CVE-2026-34513
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...
CVE-2026-34514
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...
UBUNTU-CVE-2026-34516
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....
CVE-2026-34525 AIOHTTP: Duplicate Host header accepted
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...
CVE-2026-34525
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...