CVE-2025-69224 AIOHTTP's Unicode processing of header values could cause parsing discrepancies

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

CVE-2025-69224

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

CVE-2025-69224

AIOHTTP (Python) vulnerability CVE-2025-69224 affects versions 3.13.2 and below of the Python HTTP parser. The issue arises from how non-ASCII characters may enable a request smuggling attack, potentially bypassing firewalls or proxy protections when a pure-Python build is used or AIOHTTP_NO_EXTE...

AZL-73494 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

AZL-73517 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

UBUNTU-CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

GHSA-QHX6-HPFJ-8M4G vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-13837 vulnerabilities

Vulnerabilities for packages: python...

GHSA-399H-RRQC-RPGV vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-13836 vulnerabilities

Vulnerabilities for packages: python...

GHSA-QHX6-HPFJ-8M4G vulnerabilities

Vulnerabilities for packages: python...

GHSA-399H-RRQC-RPGV vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-13836 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-13837 vulnerabilities

Vulnerabilities for packages: python...

FoolishScan-

Foolish Scan v2.3 Gold Master Context-Aware CTF & Lab Re...

FoolishScan

Foolish Scan v2.3 Gold Master Context-Aware CTF & Lab Re...

EUVD-2026-0928

Malicious code in lium-io-gztensor PyPI...

Malicious code in lium-io-gztensor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f87521be2fb53979b969dc362d41bfcf6c9f860f8d6517a76889a81dedc06a1 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

EUVD-2026-0929

Malicious code in lium-4-96 PyPI...