{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:14e132ec-95b7-518f-8ceb-e6f45b10dcd3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare", "type": "library", "name": "aiohttp", "version": "3.8.1.post10+tuxcare", "purl": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1b540b8d-30e2-5cd0-af84-ab617626ef72", "id": "CVE-2022-33124", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-33124 is a false positive for aiohttp 3.8.1.post10+tuxcare." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:14d148f2-45e5-50a0-a519-6cf5b5e3f5cd", "id": "CVE-2023-37276", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-37276 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:f8364c7b-5dc9-5c03-b24e-24d683845723", "id": "CVE-2023-49081", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-49081 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:fcbcc155-c50d-5cb8-bbda-b13ba73337b6", "id": "CVE-2023-49082", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-49082 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:2971b38c-4456-5e00-9d29-d5e2d25516e0", "id": "CVE-2024-23334", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23334 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:43256a51-890c-5033-b97b-71c2f6ea6852", "id": "CVE-2024-23829", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23829 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:f312bde1-06f3-5cb3-b081-9c0a9677787f", "id": "CVE-2024-27306", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-27306 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:e7b2490b-1a9c-54f3-b333-147ef2574f74", "id": "CVE-2024-30251", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-30251 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:4bcd4a5e-e480-5da5-b3e2-1d7b887cd21e", "id": "CVE-2024-52304", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52304 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:a3473a38-af9b-5ee1-ad72-b0f2e7f5d0e0", "id": "CVE-2025-53643", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53643 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:13030cea-8d53-5e9d-a005-8cb20aa11515", "id": "CVE-2025-69223", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69223 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:5acc7db3-83df-56a5-9ef4-74ed087b635b", "id": "CVE-2025-69224", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69224 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:061cf140-9a78-5d7b-a6a4-0b17a84e78fc", "id": "CVE-2025-69225", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69225 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:9d7320d5-8477-5a14-bfcc-0d688c1a31a3", "id": "CVE-2025-69226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69226 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:e9959a10-e767-5a03-911c-37437b83eabb", "id": "CVE-2025-69227", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69227 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:833c4b5d-a526-5199-a2ca-34af776cf1b1", "id": "CVE-2025-69228", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69228 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:335346c6-cc1f-5d98-9ecf-42f725bf56af", "id": "CVE-2025-69229", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69229 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:366d53fb-69ca-51f5-ba9f-13320f9e81bc", "id": "CVE-2025-69230", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69230 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:91c9f638-81d7-5f05-a995-4cd522b6d6c1", "id": "CVE-2026-22815", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22815 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:5985b390-8f34-59e8-9f8a-ec2bd5dd76a0", "id": "CVE-2026-34513", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34513 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:26a34c2e-84a3-54eb-8c75-6ecbdcbd4796", "id": "CVE-2026-34514", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34514 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:70a5de75-22de-506e-9d1d-0e418ba895ef", "id": "CVE-2026-34515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34515 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:eb38dc7e-ebd5-5477-a9ee-bb59655534af", "id": "CVE-2026-34516", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34516 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:9ad4b367-6234-5904-a2e3-0299e21f4d0f", "id": "CVE-2026-34517", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34517 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:e1c45880-fbc7-5ec8-8579-34b1d533bdc9", "id": "CVE-2026-34518", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34518 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:a56686ad-74c4-52eb-8c29-e481cb60c67c", "id": "CVE-2026-34519", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34519 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:f287cf06-d298-5d84-aa03-e54d98be09d3", "id": "CVE-2026-34520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34520 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:f22f974b-8585-5803-8600-e4caae16ae19", "id": "CVE-2026-34525", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34525 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:95462169-cfae-5bbc-81fe-34fa222c26c0", "id": "CVE-2026-34993", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34993 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:30129b4d-294b-5a2c-901c-defda9638fd4", "id": "CVE-2026-47265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47265 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:58eefa66-804a-5686-8293-bd7bdd7defa5", "id": "CVE-2026-50269", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50269 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:0192d714-313a-5918-9565-3d9a1f42272a", "id": "CVE-2026-54273", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54273 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:6c413c82-b6e5-54e6-add9-6b561a250877", "id": "CVE-2026-54274", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54274 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:7d96235e-2c92-584c-a0b5-b4c2dbfd78ac", "id": "CVE-2026-54275", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54275 does not affect version 3.8.1.post10+tuxcare of aiohttp. not_affected \u2014 CVE-2026-54275 does not affect aiohttp version 3.8.1.post10+tuxcare. The vulnerability requires the ability to specify custom per-request server_hostname parameters, a feature that was introduced in version 3.10.0. Version 3.8.1 hardcodes server_hostname to the request host, making the attack scenario impossible." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:9f78e84a-b085-5989-8dd6-994e8fa373d6", "id": "CVE-2026-54276", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54276 does not affect version 3.8.1.post10+tuxcare of aiohttp. not_affected \u2014 The target repository (aiohttp 3.8.1.post10+tuxcare) is not affected by CVE-2026-54276. The vulnerable component DigestAuthMiddleware was introduced in version 3.12+ and does not exist in this older version." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:b96bad6e-2443-5daa-8457-a485d2785e2b", "id": "CVE-2026-54277", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54277 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:0c391780-b6f2-5063-95e5-8a3a7564205b", "id": "CVE-2026-54278", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54278 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:12c487ee-d7a9-5d35-9d00-0524ecf66838", "id": "CVE-2026-54279", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54279 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:11e05be1-f67e-56d8-bb49-fa478fb56cb1", "id": "CVE-2026-54280", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54280 affects version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }, { "bom-ref": "urn:uuid:b3b7a295-c727-5cf3-a3d5-e67ef2b0b1a2", "id": "GHSA-pjjw-qhg8-p2p9", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-pjjw-qhg8-p2p9 is fixed in version 3.8.1.post10+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post10+tuxcare" } ] }