Python Aiohttp
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Python Aiohttp.
By the Year
In 2026 there have been 0 vulnerabilities in Python Aiohttp. Aiohttp did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
It may take a day or so for new Aiohttp vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Python Aiohttp Security Vulnerabilities
aiohttp <3.10.11 Request Smuggling via Incorrect Chunk Extension Parsing
CVE-2024-52304
- November 18, 2024
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue.
HTTP Request Smuggling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Python Aiohttp or by Python? Click the Watch button to subscribe.
