Aiohttp

This hub aggregates every CVE we track for Aiohttp, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Aiohttp.

• CVE-2026-47265AIOHTTP vulnerable to cross-origin redirect with per-request cookies7.5Jun 2, 2026
• CVE-2026-34993AIOHTTP Vulnerable to Deserialization of Untrusted Data6.4Jun 2, 2026
• CVE-2026-34525AIOHTTP: Duplicate Host header accepted5.3Apr 1, 2026
• CVE-2026-34520AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass9.1Apr 1, 2026
• CVE-2026-34519AIOHTTP: HTTP response splitting via \r in reason phrase5.3Apr 1, 2026
• CVE-2026-34518AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect5.3Apr 1, 2026
• CVE-2026-34517AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS5.3Apr 1, 2026
• CVE-2026-34516AIOHTTP: Multipart Header Size Bypass7.5Apr 1, 2026
• CVE-2026-34515AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows7.5Apr 1, 2026
• CVE-2026-34514AIOHTTP: CRLF injection in multipart part content type header construction5.3Apr 1, 2026
• CVE-2026-22815AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers7.5Apr 1, 2026
• CVE-2026-34513AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector7.5Apr 1, 2026
• CVE-2025-69230AIOHTTP Vulnerable to Cookie Parser Warning Storm5.3Jan 5, 2026
• CVE-2025-69229AIOHTTP vulnerable to DoS through chunked messages5.3Jan 5, 2026
• CVE-2025-69228AIOHTTP vulnerable to denial of service through large payloads7.5Jan 5, 2026