{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2ed0b7ef-c78b-5d05-be8d-3f468eb09807", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare", "type": "library", "name": "aiohttp", "version": "3.8.1.post9+tuxcare", "purl": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:84377ff9-1b76-5919-b3b7-de1f106a56da", "id": "CVE-2022-33124", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-33124 is a false positive for aiohttp 3.8.1.post9+tuxcare." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:a947b4a7-0816-5a99-be7f-fcc28590b66f", "id": "CVE-2023-37276", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-37276 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:930025f8-b7a8-5bb2-92e0-8225a8e87370", "id": "CVE-2023-49081", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-49081 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:f6a151ac-54b4-5291-8ca4-dc3926b46d82", "id": "CVE-2023-49082", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-49082 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:f23caa1e-1681-5bad-be52-4139c95df362", "id": "CVE-2024-23334", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23334 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:526f7248-fb86-55b8-b7b4-848d2b395528", "id": "CVE-2024-23829", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23829 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:0157721b-c848-55d7-8756-43aa94eb5b37", "id": "CVE-2024-27306", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-27306 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:efb5e29f-50f6-5192-98e5-d86043c9db11", "id": "CVE-2024-30251", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-30251 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:097feef1-cfe3-5db6-8f58-60b2884cfe8a", "id": "CVE-2024-52304", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52304 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:bce9a7f0-4340-5ec6-813c-c3e91d00700f", "id": "CVE-2025-53643", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53643 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:6b13a68c-98e4-5b21-bb7d-a85f56e659f9", "id": "CVE-2025-69223", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69223 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:62001f04-9ea0-5206-94ea-a8b4c52494d7", "id": "CVE-2025-69224", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69224 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:6d999fc5-6aa4-56e0-9abc-91ffa6111cef", "id": "CVE-2025-69225", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69225 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:77a39559-3f82-5edd-a6d3-6021d4d92613", "id": "CVE-2025-69226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69226 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:93c29790-5675-5bd6-ada0-4616102aed46", "id": "CVE-2025-69227", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69227 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:cac6d6a5-90c2-509c-b6de-898216f746db", "id": "CVE-2025-69228", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69228 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:57545f10-8d1a-509a-8add-192dce43c4af", "id": "CVE-2025-69229", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69229 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:483712d8-c74b-5f81-82ee-9750442e6d7e", "id": "CVE-2025-69230", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69230 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:77ae42cb-5d7c-506c-be2c-a2c4c3baecb8", "id": "CVE-2026-22815", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22815 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:eafe9b2c-760c-5e15-9a7a-e35ce2b2b06f", "id": "CVE-2026-34513", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34513 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:06396d7e-13c1-5757-a578-0453f492cc13", "id": "CVE-2026-34514", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34514 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:429f8a43-5a09-59bf-bec2-a3cfb9422360", "id": "CVE-2026-34515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34515 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:d62863e0-ebf5-5da2-ab07-13c708fb43da", "id": "CVE-2026-34516", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34516 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:aaee17a2-e191-5ac2-ae9e-38aa4b4835d3", "id": "CVE-2026-34517", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34517 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:dd9b9247-1527-5060-9f82-a4367cd0266c", "id": "CVE-2026-34518", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34518 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:53cdb994-c96c-5d8f-8981-17f1db41c4a8", "id": "CVE-2026-34519", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34519 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:15f03de7-a0e4-5061-ab55-61080fc83d25", "id": "CVE-2026-34520", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34520 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:9b7b39cc-7d16-5780-9ca7-ee3d11d372fe", "id": "CVE-2026-34525", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34525 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:dfe4bd6e-6796-528d-895d-e1fd733802af", "id": "CVE-2026-34993", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34993 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:5fad0220-2c42-5d67-9059-b082efbf3f0b", "id": "CVE-2026-47265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47265 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:db32fac0-6136-5f12-8748-c660b9b4b3a8", "id": "CVE-2026-50269", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50269 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:64254e88-6533-51cb-ade7-58ad9bbfb599", "id": "CVE-2026-54273", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54273 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:d670aa79-c618-5e18-bfd6-79ecb5a1b261", "id": "CVE-2026-54274", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54274 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:92429e4e-cd6a-5843-bc50-878cbc6f7b6b", "id": "CVE-2026-54275", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54275 does not affect version 3.8.1.post9+tuxcare of aiohttp. not_affected \u2014 CVE-2026-54275 does not affect aiohttp version 3.8.1.post10+tuxcare. The vulnerability requires the ability to specify custom per-request server_hostname parameters, a feature that was introduced in version 3.10.0. Version 3.8.1 hardcodes server_hostname to the request host, making the attack scenario impossible." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:3849c41d-9559-5991-9662-5961eb4e67da", "id": "CVE-2026-54276", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54276 does not affect version 3.8.1.post9+tuxcare of aiohttp. not_affected \u2014 The target repository (aiohttp 3.8.1.post10+tuxcare) is not affected by CVE-2026-54276. The vulnerable component DigestAuthMiddleware was introduced in version 3.12+ and does not exist in this older version." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:6675cad5-e9e4-59e5-8e24-ded8870b6c4e", "id": "CVE-2026-54277", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54277 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:aaec1eb7-b754-594b-ae1e-d182b4006c55", "id": "CVE-2026-54278", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54278 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:1ab1dc7c-decb-523c-b92a-7bd085fc1945", "id": "CVE-2026-54279", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54279 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:e8441b45-6a92-5adc-8a20-063152857b2e", "id": "CVE-2026-54280", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54280 affects version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }, { "bom-ref": "urn:uuid:ca3c6746-7c3d-574c-a90f-a231f2e69ced", "id": "GHSA-pjjw-qhg8-p2p9", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-pjjw-qhg8-p2p9 is fixed in version 3.8.1.post9+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:pypi/aiohttp@3.8.1.post9+tuxcare" } ] }