Apache-2.0 AND MIT
All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2026-34525 | Affected versions of the aiohttp package are vulnerable to HTTP Request Smuggling due to the acceptance of duplicate Host headers in incoming HTTP requests. The C extension HTTP parser failed to rejec… | Medium | – | – | <3.13.4 |
| CVE-2026-34515 | Affected versions of the aiohttp package are vulnerable to Server-Side Request Forgery (SSRF) and Information Disclosure due to insufficient path validation in the static resource handler on Windows. … | Medium | – | – | <=3.13.3 |
| CVE-2026-34516 | Affected versions of the aiohttp package are vulnerable to Denial of Service due to insufficient size restrictions on multipart headers. Multipart headers were not subject to the same memory limits en… | Medium | – | – | <=3.13.3 |
| CVE-2026-22815 | aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage | Medium | – | – | <= 3.13.3 |
| CVE-2026-34517 | Affected versions of the aiohttp package are vulnerable to Denial of Service due to late enforcement of the client_max_size limit on non-file multipart form fields. When an application uses Request.po… | Low | – | – | <=3.13.3 |
| CVE-2026-34518 | Affected versions of the aiohttp package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects. When following a redirect to a different … | Low | – | – | <=3.13.3 |
| CVE-2026-34514 | Affected versions of the aiohttp package are vulnerable to CRLF Injection due to insufficient sanitization of the content_type parameter during multipart request header construction. An attacker who c… | Low | – | – | <=3.13.3 |
| CVE-2026-34513 | Affected versions of the aiohttp package are vulnerable to Denial of Service (DoS) due to an unbounded DNS cache in TCPConnector that grows without limit. When an application issues requests to a larg… | Low | – | – | <=3.13.3 |
| CVE-2026-34520 | Affected versions of the aiohttp package are vulnerable to HTTP Response Splitting due to the default C parser (llhttp) accepting null bytes and control characters in response header values. Specifica… | Low | – | – | <=3.13.3 |
| CVE-2026-34519 | Affected versions of the aiohttp package are vulnerable to HTTP Response Splitting due to improper neutralisation of carriage return characters in the reason phrase of HTTP responses. The Response cla… | Low | – | – | <=3.13.3 |
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.

