GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
Low
CVE-2026-54275
was published
for
aiohttp
(pip)
Jun 15, 2026
aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect
Low
CVE-2026-54280
was published
for
aiohttp
(pip)
Jun 15, 2026
aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
Moderate
CVE-2026-54273
was published
for
aiohttp
(pip)
Jun 15, 2026
aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup
Moderate
CVE-2026-54278
was published
for
aiohttp
(pip)
Jun 15, 2026
aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
Moderate
CVE-2026-54277
was published
for
aiohttp
(pip)
Jun 15, 2026
aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges
Moderate
CVE-2026-54276
was published
for
aiohttp
(pip)
Jun 15, 2026
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
Low
CVE-2026-54279
was published
for
aiohttp
(pip)
Jun 15, 2026
AIOHTTP accepts duplicate Host headers
Moderate
CVE-2026-34525
was published
for
aiohttp
(pip)
Apr 1, 2026
AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
Moderate
CVE-2026-34515
was published
for
aiohttp
(pip)
Apr 1, 2026
AIOHTTP vulnerable to DoS when bypassing asserts
Moderate
CVE-2025-69227
was published
for
aiohttp
(pip)
Jan 5, 2026
AIOHTTP vulnerable to brute-force leak of internal static file path components
Low
CVE-2025-69226
was published
for
aiohttp
(pip)
Jan 5, 2026
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
High
CVE-2025-69223
was published
for
aiohttp
(pip)
Jan 5, 2026
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Moderate
CVE-2024-52304
was published
for
aiohttp
(pip)
Nov 18, 2024
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Moderate
CVE-2024-52303
was published
for
aiohttp
(pip)
Nov 18, 2024
In aiohttp, compressed files as symlinks are not protected from path traversal
Moderate
CVE-2024-42367
was published
for
aiohttp
(pip)
Aug 9, 2024
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Moderate
CVE-2024-27306
was published
for
aiohttp
(pip)
Apr 18, 2024
ProTip!
Advisories are also available from the
GraphQL API