{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4568d0e3-81df-572e-8d55-b565a4819ebd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare", "type": "library", "name": "aiohttp", "version": "3.8.4.post4+tuxcare", "purl": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f8faa83d-3709-52e4-b558-c0ef0c5885f5", "id": "CVE-2023-37276", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-37276 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:b849ef05-4632-58e1-9cd0-b60a98cb1bcc", "id": "CVE-2023-47627", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-47627 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:8f3eabc1-effc-5ca9-b8a6-e4f5fdebed0b", "id": "CVE-2023-49081", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-49081 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:ccc77cdd-6c08-5eef-b29d-144dcd087b56", "id": "CVE-2023-49082", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-49082 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:0fabe402-e568-5dd1-aa34-81bf9faf31a9", "id": "CVE-2024-23334", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23334 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:fd51ccbb-fffe-5ce8-9159-0abeedd39ae2", "id": "CVE-2024-23829", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23829 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:74a28e1f-4a67-5e15-9e97-ff3fb26b06c9", "id": "CVE-2024-27306", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-27306 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:a79d55e4-3f4f-5404-aa82-700d9ce1aa3c", "id": "CVE-2024-30251", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-30251 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:ee08b847-ddd0-56ca-bb01-94684472f82e", "id": "CVE-2024-52304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52304 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:c18a3735-2f15-541b-811d-dd3ff798d78c", "id": "CVE-2025-53643", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-53643 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:28fed8d1-8067-5b39-a2d6-88a02891d2d2", "id": "CVE-2025-69223", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69223 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:cd03ff70-573b-57a9-8398-5c59ca73a0e0", "id": "CVE-2025-69224", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69224 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:151a9867-51c1-596a-8151-a264de75795d", "id": "CVE-2025-69225", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69225 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:36d7cb62-5df1-57a0-9875-b45eb8a1e3b6", "id": "CVE-2025-69226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69226 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:ee983ab5-f866-5c89-a9dd-c47318feb26b", "id": "CVE-2025-69227", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69227 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:a8512d40-3b42-5c1e-b2d7-f7459e4c4924", "id": "CVE-2025-69228", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69228 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:7bcf2558-e6ea-5ea1-b59a-e3a16d49f815", "id": "CVE-2025-69229", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69229 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:51a93e8d-02c8-55c0-9c95-6d9c6034e907", "id": "CVE-2025-69230", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69230 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:ca8251c1-2332-54a8-8685-2e472333a3c8", "id": "CVE-2026-22815", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22815 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:f1ee5a99-c200-5873-a06c-3b02ce58319e", "id": "CVE-2026-34513", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34513 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:ae9cbb2c-9f5c-5347-a696-436c3463473a", "id": "CVE-2026-34514", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34514 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:863d5f1b-ec41-5ab5-ace6-4c744c4617c4", "id": "CVE-2026-34515", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34515 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:edec3567-164a-5f19-9413-c215953f2f9a", "id": "CVE-2026-34516", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34516 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:f6e7aa6d-089e-5824-b507-803c0ce456b1", "id": "CVE-2026-34517", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34517 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:723763b5-f3e7-5416-9c53-b954795b4348", "id": "CVE-2026-34518", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34518 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:be030821-cb73-5906-becd-42e901052903", "id": "CVE-2026-34519", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34519 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:331aaaa7-d0f7-579b-a78d-f3d016d8c5bb", "id": "CVE-2026-34520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34520 is fixed in version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:bec9393f-5b46-590d-a4b4-cf226bcf0c8d", "id": "CVE-2026-34525", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34525 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:48a1ea0d-0fc4-5b8f-88d4-3de3b575482c", "id": "CVE-2026-34993", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34993 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:db884211-827c-52b7-b9e6-8b442ffc7a0e", "id": "CVE-2026-47265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47265 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:28e5ddad-bc6c-5d08-87ce-5b5da6375a69", "id": "CVE-2026-50269", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50269 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:dd2601fc-c9a5-56bf-b7da-aa8cef9b361a", "id": "CVE-2026-54273", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54273 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:99506301-e0b6-5186-a757-7a932c030ebe", "id": "CVE-2026-54274", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54274 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:c8767d74-1c2f-503e-9fe3-632bdc7b6174", "id": "CVE-2026-54275", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54275 does not affect version 3.8.4.post4+tuxcare of aiohttp. not_affected \u2014 CVE-2026-54275 does not affect aiohttp version 3.8.4.post4+tuxcare. The vulnerability requires the server_hostname parameter feature, which was not added until version 3.9.0+ (August 2023), six months after version 3.8.4 was released (February 2023). The target version cannot receive the malicious input described in the CVE." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:c1902d51-57f6-5625-acd6-1e2045754ab9", "id": "CVE-2026-54276", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54276 does not affect version 3.8.4.post4+tuxcare of aiohttp. not_affected \u2014 The target repository (aiohttp version 3.8.4.post4+tuxcare) does not contain the DigestAuthMiddleware component. This feature was introduced in aiohttp version 3.12, which postdates the target version. The vulnerability cannot manifest because the affected code does not exist in this version." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:c549adcd-43cb-5c77-ae31-d444f085e2d8", "id": "CVE-2026-54277", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54277 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:ef3a2c28-a095-5211-8c75-556b507d89c3", "id": "CVE-2026-54278", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54278 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:cadea0a1-972d-584f-ae51-62f73b745eed", "id": "CVE-2026-54279", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54279 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:b41d52b8-8c89-5fff-9806-a7f9da918f84", "id": "CVE-2026-54280", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54280 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }, { "bom-ref": "urn:uuid:941333cc-dba1-598e-8217-13ebc1ce7e1d", "id": "GHSA-pjjw-qhg8-p2p9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-pjjw-qhg8-p2p9 affects version 3.8.4.post4+tuxcare of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:pypi/aiohttp@3.8.4.post4+tuxcare" } ] }