Browse all 36 CVE security advisories affecting aio-libs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
aio-libs is a collection of asynchronous Python libraries, primarily serving as the foundational infrastructure for the aiohttp web framework and related tools like aiofiles. These components facilitate high-performance network communication and file I/O in concurrent applications. Historically, the ecosystem has been associated with thirty-six recorded Common Vulnerabilities and Exposures, predominantly involving denial-of-service conditions, improper input validation, and potential remote code execution through crafted HTTP requests or malformed data streams. Notable security characteristics include issues related to header injection and resource exhaustion, reflecting the complexity of handling asynchronous state management. While no single catastrophic incident has defined the project’s history, the cumulative vulnerability count highlights the risks inherent in maintaining complex, low-level networking abstractions. Developers must rigorously audit dependencies and apply patches promptly to mitigate these persistent exposure vectors within their asynchronous Python environments.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-49081 | aiohttp's ClientSession is vulnerable to CRLF injection via version | aiohttp | CWE-20 | 7.2 | High | 2023-11-30 |
| CVE-2023-49082 | aiohttp's ClientSession is vulnerable to CRLF injection via method | aiohttp | CWE-93 | 5.3 | Medium | 2023-11-29 |
| CVE-2023-47627 | Request smuggling in aiohttp | aiohttp | CWE-444 | 5.3 | Medium | 2023-11-14 |
| CVE-2023-47641 | Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp | aiohttp | CWE-444 | 3.4 | Low | 2023-11-14 |
| CVE-2023-37276 | aiohttp vulnerable to HTTP request smuggling | aiohttp | CWE-444 | 5.3 | Medium | 2023-07-19 |
| CVE-2021-21330 | Open redirect vulnerability in aiohttp | aiohttp | CWE-601 | 3.1 | Low | 2021-02-26 |
This page lists every published CVE security advisory associated with aio-libs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.