tapic - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 1.3	CVE-2026-54279	AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence_CVE-2026-54279 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.sa...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54278	AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup_CVE-2026-54278 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed req...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54277	AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines_CVE-2026-54277 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check i...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-54276	AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 2.7	CVE-2026-54275	AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54274	AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket fr...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54273	AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit_CVE-2026-54273 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
HIGH 8.2	CVE-2026-54271	protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names_CVE-2026-54271 protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / stati...	protobufjs	protobufjs-cli < 1.3.2	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54270	protobufjs: Memory amplification from preserved unknown fields in binary decode_CVE-2026-54270 protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message...	protobufjs	protobuf.js >=8.2.0, < 8.5.0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54269	protobufjs: Schema-derived names can shadow runtime-significant properties_CVE-2026-54269 protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names...	protobufjs	protobuf.js < 7.6.3	Jun 22, 2026	CVE