EUVD-2026-34001

AIOHTTP is Vulnerable to Deserialization of Untrusted Data...

CVE-2026-34514

CVE-2026-34514 affects AIOHTTP prior to 3.13.4, where the content_type parameter used when constructing multipart headers could enable CRLF injection leading to extra header insertion. The vulnerability is mitigated by upgrading to 3.13.4, which patches the issue. The CVSS data (MEDIUM, network v...

PT-2026-29602

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service DoS situation if an...

PT-2026-29603

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. An attacker controlling the content type parameter in aiohttp could inject extra headers or similar exploits. If an...

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

aiohttp Environment Issue Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A vulnerability exists in aiohttp versions prior to 3.9.2, which stems from the HTTP parser's overly lax treatment of delimiters, which can help with request smuggling...