3 matches found
GHSA-JH37-X3FV-4X72 aiograpi: Unsafe signup challenge path handling
aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intended...
GHSA-7MW3-79JQ-XC7F aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)
Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...
aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)
Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...