14 matches found
UBUNTU-CVE-2026-54280
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...
UBUNTU-CVE-2026-54274
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...
UBUNTU-CVE-2026-50269
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...
UBUNTU-CVE-2026-54278
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...
CVE-2026-54273
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...
CVE-2026-54278
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...
CVE-2026-54279
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...
CLEANSTART-2026-NM83456 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python
Multiple security vulnerabilities affect the airflow-2 package. AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. See references for individual vulnerability details...
CLEANSTART-2026-CQ39708 Netty is an asynchronous, event-driven network application framework
Multiple security vulnerabilities affect the logstash-fips package. Netty is an asynchronous, event-driven network application framework. See references for individual vulnerability details...
EUVD-2026-18048
AIOHTTP accepts duplicate Host headers...
EUVD-2026-18037
AIOHTTP has CRLF injection through multipart part content type header construction...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2024:1079-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1079-1 advisory. - Netty is an asynchronous event-driven network application framework for rapid development of maintainab...
userver Security Vulnerability
userver is a modern open source asynchronous framework from userver open source, used to create C++ microservices, services and utilities quickly and comfortably. A security vulnerability exists in userver that stems from the fact that it allows an attacker to cause a denial of service via a...
JetBrains Ktor Native Security Feature Issue Vulnerability
JetBrains Ktor Native is an asynchronous framework for creating microservices, web applications, etc. JetBrains Ktor Native versions prior to 2.0.0 have a security feature issue that stems from the fact that random values used for random number generation are not implemented using...