
1148 matches found

NVD
added 2026/01/05 10:15 p.m., 3 views

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, EPSS 0.00299
Exploits: 0, References: 2

OSV
added 2026/01/05 10:15 p.m., 6 views

AZL-73517 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 6.4, EPSS 0.00299
Exploits: 0, References: 1

OSV
added 2026/01/05 10:15 p.m., 2 views

DEBIAN-CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 6.7, EPSS 0.00299
Exploits: 0, References: 1

OSV
added 2026/01/05 10:15 p.m., 3 views

AZL-73494 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 7.2, EPSS 0.00299
Exploits: 0, References: 1

UbuntuCve
added 2026/01/05 10:15 p.m., 3 views

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 6.9, EPSS 0.00299
Exploits: 0, References: 4

OSV
added 2026/01/05 10:15 p.m., 1 view

UBUNTU-CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 6.3, EPSS 0.00299
Exploits: 0, References: 5

Cvelist
added 2026/01/05 10:0 p.m., 22 views

CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, EPSS 0.00299
Exploits: 0, References: 2

Vulnrichment
added 2026/01/05 10:0 p.m., 1 view

CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 6.5, EPSS 0.00299
Exploits: 0, References: 2

CVE
added 2026/01/05 10:0 p.m., 20 views

CVE-2025-69223

CVE-2025-69223 affects AIOHTTP (async HTTP framework for asyncio/Python). Version 3.13.2 and earlier are vulnerable to a zip bomb that, when decompressed by the server, can exhaust memory and cause a DoS. The issue is resolved in version 3.13.3. In practice, an attacker could send a compressed re...

CVSS 7.5, AI score 6.5, EPSS 0.00299
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2026/01/05 10:0 p.m., 3 views

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 6.7, EPSS 0.00299
Exploits: 0

OSV
added 2026/01/05 10:0 p.m., 6 views

CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 6.8, EPSS 0.00299
Exploits: 0, References: 4

AlpineLinux
added 2026/01/05 10:0 p.m., 3 views

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVSS 7.5, AI score 7, EPSS 0.00299
Exploits: 0

CNNVD
added 2026/01/05 12:0 a.m., 3 views

aiohttp information disclosure vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. An information disclosure vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from path normalization logic that may disclose absolute path component information,...

CVSS 6.3, AI score 5.9, EPSS 0.00313
Exploits: 0, References: 1

CNNVD
added 2026/01/05 12:0 a.m., 4 views

aiohttp security vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from a zip bomb that can cause the server to run out of memory, potentially leading to a denial-of-service...

CVSS 7.5, AI score 6.4, EPSS 0.00299
Exploits: 0, References: 2

Positive Technologies
added 2026/01/05 12:0 a.m., 3 views

PT-2026-1349

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, may be susceptible to a request smuggling attack when using versions 3.13.2 and below. This issue arises from the...

CVSS 6.5, AI score 6.6, EPSS 0.00213
Exploits: 0, References: 213

Positive Technologies
added 2026/01/05 12:0 a.m., 2 views

PT-2026-1353

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service (DoS) attack. When optimizations are enabled using -O or PYTHONOPTIMIZE=1, and an...

CVSS 8.7, AI score 6.6, EPSS 0.00337
Exploits: 0, References: 217

Positive Technologies
added 2026/01/05 12:0 a.m., 2 views

PT-2026-1354

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below are susceptible to a denial of service condition. An attacker can craft a request that caus...

CVSS 8.7, AI score 6.7, EPSS 0.00347
Exploits: 0, References: 217

Positive Technologies
added 2026/01/05 12:0 a.m., 2 views

PT-2026-1348

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service (DoS) attack. An attacker can send a compressed request, specifically a zip bomb,...

CVSS 7.8, AI score 6.6, EPSS 0.00299
Exploits: 0, References: 214

Positive Technologies
added 2026/01/05 12:0 a.m., 7 views

PT-2026-1357

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Accessing the cookies attribute in an application with versions 3.13.2 and below can lead to a logging storm when...

CVSS 6.9, AI score 6.6, EPSS 0.00332
Exploits: 0, References: 188

Positive Technologies
added 2026/01/05 12:0 a.m., 3 views

PT-2026-1350

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue in its parser logic. The parser allows non-ASCII decimals to be present in the Range header. This could...

CVSS 6.9, AI score 6.6, EPSS 0.00236
Exploits: 0, References: 214