{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:72141afe-96be-5319-b920-c51333329a3a",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:pypi/aiohttp@3.8.1",
      "type": "library",
      "name": "aiohttp",
      "version": "3.8.1",
      "purl": "pkg:pypi/aiohttp@3.8.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:089aa644-23d0-5623-9989-056d2cd7a6fe",
      "id": "CVE-2022-33124",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2022-33124 is a false positive for aiohttp 3.8.1."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f0a74681-572e-5e32-aff4-02fd604481a6",
      "id": "CVE-2025-69223",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-69223 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5c1eb903-0f0c-5cb4-9622-d258537c61f5",
      "id": "CVE-2025-69224",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-69224 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b6819739-6e3b-55b7-a3e3-e3e7a3c4ea29",
      "id": "CVE-2025-69225",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-69225 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:242fe72a-ccc7-5405-a8d7-9195936eb8ef",
      "id": "CVE-2025-69226",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-69226 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:61030624-b4ac-56b7-87b9-c4fa1937fd3d",
      "id": "CVE-2025-69227",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-69227 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f9c3bfbd-1510-5fb0-b78b-86362136aec0",
      "id": "CVE-2025-69228",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-69228 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0e4e5cc5-324a-54c7-a387-f4c345333d4a",
      "id": "CVE-2025-69229",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-69229 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e9fedede-46bf-5078-a339-a4d8cdaa268b",
      "id": "CVE-2025-69230",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-69230 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4621c0cf-e0c1-5751-80b9-482e42aefbaf",
      "id": "CVE-2026-34514",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34514 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9795e796-71b8-5432-abfd-0ea8aa237dce",
      "id": "CVE-2026-34515",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34515 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a3bad52d-7188-52d0-9e7b-7aff45ad4264",
      "id": "CVE-2026-34516",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34516 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3a4b582b-86bf-5ebc-86e6-e949f8f1c0e2",
      "id": "CVE-2026-34519",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34519 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b4c05f92-ac9f-5567-aec7-43cb7e723473",
      "id": "CVE-2026-34525",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34525 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:51771817-df74-5608-b9d9-88b21cbf750a",
      "id": "CVE-2026-34993",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34993 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7746ee05-ad49-5f58-98cc-94ddec54105e",
      "id": "CVE-2026-47265",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-47265 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0628379b-e779-5ed6-a9db-59f550eb1e25",
      "id": "CVE-2026-50269",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50269 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:912aace3-70a0-593a-93eb-f8a77cad1b73",
      "id": "CVE-2026-54273",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54273 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:886947cf-71c9-523a-998f-f6966f3cde1e",
      "id": "CVE-2026-54274",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54274 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:86959245-ac94-5760-a6cf-f4e24e9cb1fb",
      "id": "CVE-2026-54275",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54275 does not affect version 3.8.1 of aiohttp (assessed as aiohttp 3.8.1.post10+tuxcare). The vulnerability requires the ability to specify custom per-request server_hostname parameters, a feature that was introduced in version 3.10.0. Version 3.8.1 hardcodes server_hostname to the request host, which makes the attack scenario impossible."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:45f43a4c-2aa4-5725-b6cc-5acc430de625",
      "id": "CVE-2026-54276",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54276 does not affect version 3.8.1 of aiohttp (target repository: aiohttp 3.8.1.post10+tuxcare). The vulnerable component, DigestAuthMiddleware, was introduced in version 3.12+ and does not exist in this older version."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3043efda-a284-55d6-a519-a55275d7fd7d",
      "id": "CVE-2026-54277",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54277 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b10e2a69-249f-54c1-b5f1-079bc16e9959",
      "id": "CVE-2026-54278",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54278 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:587e3e94-f494-556b-a9f3-94510f34913d",
      "id": "CVE-2026-54279",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54279 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:73331dc9-93fe-57c3-a59b-37bc84a820ed",
      "id": "CVE-2026-54280",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54280 affects version 3.8.1 of aiohttp."
      },
      "affects": [
        {
          "ref": "pkg:pypi/aiohttp@3.8.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:pypi/aiohttp@3.8.1"
    }
  ]
}