
aio-libs — Vulnerabilities & Security Advisories (47)

Browse all 47 CVE security advisories affecting aio-libs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

aio-libs is the GitHub organization behind a family of asynchronous Python libraries, best known for the aiohttp client/server framework and companions such as aiodns, aiosmtpd and aiofiles. The advisories tracked here (47 at the time of this listing) are dominated by HTTP request smuggling (CWE-444) in aiohttp's request parsing: Content-Length versus Transfer-Encoding conflicts, chunk extensions, chunked trailer sections and lenient separator handling, affecting both the llhttp-backed parser and the pure-Python fallback. The remainder are CRLF injection through the client's request line, path traversal and XSS in static file serving, denial of service through malformed POST bodies and a middleware memory leak, SMTP smuggling and STARTTLS command injection in aiosmtpd, an open redirect, and a use-after-free in the pycares dependency used by aiodns. No single incident defines the project's history, but the pattern is clear: a hand-maintained HTTP parser sitting behind a reverse proxy is exposed to every framing disagreement between the two parsers, and each lenient corner case becomes a desync. Pin these dependencies, audit them against this list, and apply patches promptly.

CVE ID | Title | Package | CWE | CVSS | Severity | Published
CVE-2025-53643 | AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections | aiohttp | CWE-444 | 9.8 | - | 2025-07-14
CVE-2025-48945 | pycares has a Use-After-Free Vulnerability | aiodns | CWE-416 | 7.5 (AI) | High (AI) | 2025-06-20
CVE-2024-52304 | aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions | aiohttp | CWE-444 | 7.5 | - | 2024-11-18
CVE-2024-52303 | aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method | aiohttp | CWE-772 | 5.9 | - | 2024-11-18
CVE-2024-42367 | In aiohttp, compressed files as symlinks are not protected from path traversal | aiohttp | CWE-61 | 4.8 | Medium | 2024-08-09
CVE-2024-34083 | STARTTLS unencrypted commands injection | aiosmtpd | CWE-349 | 5.4 | Medium | 2024-05-18
CVE-2024-30251 | Denial of service when trying to parse malformed POST requests in aiohttp | aiohttp | CWE-835 | 7.5 | High | 2024-05-02
CVE-2024-27306 | aiohttp vulnerable to XSS on index pages for static file handling | aiohttp | CWE-79 | 6.1 | Medium | 2024-04-18
CVE-2024-27305 | SMTP smuggling in aiosmtpd | aiosmtpd | CWE-345 | 5.3 | Medium | 2024-03-12
CVE-2024-23334 | aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal | aiohttp | CWE-22 | 5.9 | Medium | 2024-01-29
CVE-2024-23829 | aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators | aiohttp | CWE-444 | 6.5 | Medium | 2024-01-29
CVE-2023-49081 | aiohttp's ClientSession is vulnerable to CRLF injection via version | aiohttp | CWE-20 | 7.2 | High | 2023-11-30
CVE-2023-49082 | aiohttp's ClientSession is vulnerable to CRLF injection via method | aiohttp | CWE-93 | 5.3 | Medium | 2023-11-29
CVE-2023-47627 | Request smuggling in aiohttp | aiohttp | CWE-444 | 5.3 | Medium | 2023-11-14
CVE-2023-47641 | Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp | aiohttp | CWE-444 | 3.4 | Low | 2023-11-14
CVE-2023-37276 | aiohttp vulnerable to HTTP request smuggling | aiohttp | CWE-444 | 5.3 | Medium | 2023-07-19
CVE-2021-21330 | Open redirect vulnerability in aiohttp | aiohttp | CWE-601 | 3.1 | Low | 2021-02-26

"(AI)" marks a CVSS score or severity estimated by the site's AI analysis rather than taken from the advisory; "-" means no severity has been assigned.
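Most of the aiohttp entries above are CWE-444 request smuggling, and two are CRLF injection into the client's request line. The following is an added example written for this page, not code from aiohttp or any aio-libs project: a strict HTTP/1.1 framing checker that rejects the request shapes those advisories describe (Content-Length alongside Transfer-Encoding, chunk extensions, forbidden trailer fields, whitespace before the header colon, bytes left over after the final chunk), plus a client-side request-line builder that refuses method or version strings containing CRLF. It models the vulnerability class rather than reproducing any listed CVE, and every sample request in it is constructed, not captured traffic.

```python
# Added example for this page: a strict HTTP/1.1 framing checker, not
# aiohttp's parser and not code from any aio-libs project. Sample requests
# are constructed for the example.
import re
from dataclasses import dataclass, field

TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")   # RFC 9110 tchar
HEX = re.compile(rb"[0-9A-Fa-f]+")                      # chunk-size digits only
VERSION = re.compile(rb"HTTP/1\.[01]")
# Fields that must not appear in a chunked trailer: they would re-frame the message.
FORBIDDEN_TRAILERS = {b"content-length", b"transfer-encoding", b"host", b"trailer"}


@dataclass
class Verdict:
    ok: bool
    findings: list = field(default_factory=list)


def _check_chunked(body: bytes, v: Verdict) -> None:
    """Walk a chunked body strictly: hex size only, no extensions, exact CRLFs,
    a clean trailer section, and nothing left over after the final CRLF."""
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0:
            v.findings.append("truncated chunk-size line"); return
        size_field, semi, ext = body[pos:end].partition(b";")
        if semi:  # extensions are where CVE-2024-52304-style disagreements live
            v.findings.append(f"chunk extension present: {ext!r}")
        if not HEX.fullmatch(size_field):  # also rejects ' 5', '5 ', '+5', ''
            v.findings.append(f"invalid chunk size {size_field!r}"); return
        size, pos = int(size_field, 16), end + 2
        if size == 0:
            break
        if len(body) - pos < size:
            v.findings.append("truncated chunk data"); return
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            v.findings.append("chunk data not terminated by CRLF"); return
        pos += 2
    while True:  # trailer section, up to and including the empty line
        end = body.find(b"\r\n", pos)
        if end < 0:
            v.findings.append("truncated trailer section"); return
        line, pos = body[pos:end], end + 2
        if not line:
            break
        name, colon, _ = line.partition(b":")
        if not colon or not TOKEN.fullmatch(name):
            v.findings.append(f"invalid trailer field: {line!r}")
        elif name.lower() in FORBIDDEN_TRAILERS:
            v.findings.append(f"forbidden trailer field {name!r}")
    if pos != len(body):
        v.findings.append(f"{len(body) - pos} bytes after end of chunked message "
                          "(a desync if a front end counted them as body)")


def check_request(raw: bytes) -> Verdict:
    """Return a Verdict listing every framing ambiguity a strict parser should reject."""
    v = Verdict(ok=True)
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return Verdict(False, ["no CRLF CRLF terminating the header section"])
    stripped = head.replace(b"\r\n", b"")
    if b"\r" in stripped or b"\n" in stripped:
        v.findings.append("bare CR or LF inside the header section")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not TOKEN.fullmatch(parts[0]) or not VERSION.fullmatch(parts[2]):
        v.findings.append(f"malformed request line: {lines[0]!r}")
    headers: dict[bytes, list[bytes]] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.fullmatch(name):  # rejects 'Host : h', obs-fold, empty names
            v.findings.append(f"invalid header field: {line!r}")
            continue
        headers.setdefault(name.lower(), []).append(value.strip())
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    if cl and te:
        v.findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        v.findings.append(f"conflicting Content-Length values {cl!r}")
    if any(not c.isdigit() for c in cl):
        v.findings.append(f"non-numeric Content-Length {cl!r}")
    if te:
        codings = [c.strip().lower() for val in te for c in val.split(b",")]
        if codings[-1] != b"chunked":
            v.findings.append("Transfer-Encoding present but last coding is not chunked")
        elif codings.count(b"chunked") > 1:
            v.findings.append("chunked coding applied more than once")
        else:
            _check_chunked(body, v)
    elif cl and cl[0].isdigit() and len(body) != int(cl[0]):
        v.findings.append(f"body is {len(body)} bytes but Content-Length says {int(cl[0])}")
    elif body and not cl:
        v.findings.append("body bytes present without any length framing")
    v.ok = not v.findings
    return v


def build_request_line(method: str, target: str, version: str = "HTTP/1.1") -> bytes:
    """Client-side counterpart: refuse caller-controlled request-line parts that
    would inject CRLF (the class behind the ClientSession advisories above)."""
    m, t, ver = method.encode(), target.encode(), version.encode()
    if not TOKEN.fullmatch(m):
        raise ValueError(f"method is not an HTTP token: {method!r}")
    if not t or re.search(rb"[\x00-\x20\x7f]", t):
        raise ValueError(f"request target contains control or space characters: {target!r}")
    if not VERSION.fullmatch(ver):
        raise ValueError(f"version is not HTTP/1.0 or HTTP/1.1: {version!r}")
    return b" ".join((m, t, ver)) + b"\r\n"


def rejects(method: str, target: str = "/", version: str = "HTTP/1.1") -> bool:
    """True if build_request_line refuses the given parts."""
    try:
        build_request_line(method, target, version)
    except ValueError:
        return True
    return False


# Constructed sample requests (not captured traffic).
CLEAN = b"POST /submit HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
CL_TE = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nGET /admin HTTP/1.1\r\n\r\n")
CHUNK_EXT = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"5;x=1\r\nhello\r\n0\r\n\r\n")
BAD_TRAILER = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
               b"0\r\nContent-Length: 10\r\n\r\n")
BAD_SEP = b"GET / HTTP/1.1\r\nHost : example.test\r\n\r\n"

if __name__ == "__main__":
    for label, raw in [("clean", CLEAN), ("cl+te", CL_TE), ("chunk-ext", CHUNK_EXT),
                       ("bad-trailer", BAD_TRAILER), ("bad-sep", BAD_SEP)]:
        print(label, check_request(raw))
    print(rejects("GET\r\nX-Injected: 1"), rejects("GET", "/", "HTTP/1.1\r\nX: y"))
```

The checker is deliberately stricter than RFC 9112 requires (chunk extensions are legal, for instance); the point is that anything your reverse proxy and your application server might interpret differently is safest rejected outright at both ends. Run it against requests your proxy accepts to see which of these shapes it is willing to forward.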

This page lists every published CVE security advisory associated with aio-libs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.