{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4d431f24-4c02-5ca4-91f8-8c284993e9b5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/aiohttp@3.8.4", "type": "library", "name": "aiohttp", "version": "3.8.4", "purl": "pkg:pypi/aiohttp@3.8.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c70304c6-c024-539e-8fc4-f20dd45324ca", "id": "CVE-2023-47627", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-47627 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:29ef0c1e-63f5-5927-b371-00fb5d4ede74", "id": "CVE-2023-49081", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-49081 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:b7badc03-5e4d-50e1-a69b-eaab671046aa", "id": "CVE-2023-49082", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-49082 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:affda557-6c93-5ec6-ae03-83c1db6cf54c", "id": "CVE-2024-23334", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23334 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:d9e7ee5b-bcb8-544f-9c40-61125c339c9b", "id": "CVE-2024-23829", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23829 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:5c76e369-f674-52ca-b6fd-c8f91a1bffb4", "id": "CVE-2024-27306", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-27306 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:523e4827-8960-58c9-b9f3-b9176736ec1a", "id": "CVE-2024-30251", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-30251 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:e6408d42-25cf-5ad5-a52e-cbb1e4de1dc0", "id": "CVE-2024-52304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52304 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:d7295aba-4a02-5ed6-be97-4acdf31d9528", "id": "CVE-2025-53643", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-53643 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:97e4cbf4-d41d-5c9e-bd11-e874e2ff21e6", "id": "CVE-2025-69223", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69223 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:9fcd371d-2676-5d76-ad0d-255294ed228a", "id": "CVE-2025-69224", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69224 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:b2f797eb-360a-5717-b333-3c73a81f492f", "id": "CVE-2025-69225", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69225 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:0101c223-5564-50e8-b0d1-ee0ac31df9e3", "id": "CVE-2025-69226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69226 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:a1915c60-4a44-5f14-b16f-1664830483fb", "id": "CVE-2025-69227", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69227 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:4ecbcfca-3ad9-5ace-9163-191c3181849c", "id": "CVE-2025-69228", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69228 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:1f72b7e1-a0e1-57d4-a70a-64c5b9d479bd", "id": "CVE-2025-69229", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69229 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:e0267c1d-106c-57bc-b302-84b01e2ec72f", "id": "CVE-2025-69230", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-69230 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:528b06f2-4c6f-5321-8ccc-b43a294f691e", "id": "CVE-2026-34525", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34525 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:fc9a9bfc-724b-5584-bad6-3a5601935937", "id": "CVE-2026-34993", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34993 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:ee856720-9e05-5740-9236-35f5394b88d0", "id": "CVE-2026-47265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47265 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:251557c6-3b6d-57ee-aeae-1db559e44872", "id": "CVE-2026-50269", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50269 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:ddc4e254-44eb-5340-b04c-2d7b60151195", "id": "CVE-2026-54273", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54273 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:261c37eb-3955-57e2-a62b-ad5207f0a624", "id": "CVE-2026-54274", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54274 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:3d40fcf3-d491-5537-a8dc-2a0c1b867da5", "id": "CVE-2026-54275", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54275 does not affect version 3.8.4 of aiohttp. not_affected \u2014 CVE-2026-54275 does not affect aiohttp version 3.8.4.post4+tuxcare. The vulnerability requires the server_hostname parameter feature, which was not added until version 3.9.0+ (August 2023), six months after version 3.8.4 was released (February 2023). The target version cannot receive the malicious input described in the CVE." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:b7a0ad4c-a94b-5840-aa0c-d703a1cd166d", "id": "CVE-2026-54276", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54276 does not affect version 3.8.4 of aiohttp. not_affected \u2014 The target repository (aiohttp version 3.8.4.post4+tuxcare) does not contain the DigestAuthMiddleware component. This feature was introduced in aiohttp version 3.12, which postdates the target version. The vulnerability cannot manifest because the affected code does not exist in this version." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:481dd0db-b288-5cd7-b5d0-c9b1915163fe", "id": "CVE-2026-54277", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54277 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:04436330-afb0-5a92-9731-a909bcbc1192", "id": "CVE-2026-54278", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54278 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:1d0fc036-33e5-5bfb-88fb-2298f0966e19", "id": "CVE-2026-54279", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54279 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:9fa1079d-b4b3-5d47-a7ef-50e4bbf9142d", "id": "CVE-2026-54280", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54280 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }, { "bom-ref": "urn:uuid:ebec3884-91ce-5a3b-9c9c-2eb12f872778", "id": "GHSA-pjjw-qhg8-p2p9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-pjjw-qhg8-p2p9 affects version 3.8.4 of aiohttp." }, "affects": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] } ], "dependencies": [ { "ref": "pkg:pypi/aiohttp@3.8.4" } ] }