Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.7 CVE-2026-54282

Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request....

Kludex starlette < 1.3.0 CVE
LOW 1.7 CVE-2026-54280

AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a ...

aio-libs aiohttp < 3.14.1 CVE
LOW 1.3 CVE-2026-54279

AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.sa...

aio-libs aiohttp < 3.14.1 CVE
LOW 2.7 CVE-2026-54275

AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...

aio-libs aiohttp < 3.14.1 CVE
LOW 3.7 CVE-2026-53540

Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using ...

Kludex python-multipart < 0.0.31 CVE
LOW 3.7 CVE-2026-53538

Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www...

Kludex python-multipart < 0.0.30 CVE
LOW 3.7 CVE-2026-53537

Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) he...

Kludex python-multipart < 0.0.30 CVE
LOW 2.7 CVE-2026-50269

AIOHTTP: CRLF injection in multipart headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/...

aio-libs aiohttp < 3.14.0 CVE
LOW 3.2 CVE-2026-49356

Babel: Arbitrary File Read via sourceMappingURL Comment in @babel/core

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core is affected by an arbitrary file read via a so...

babel babel >= 8.0.0-alpha.0, < 8.0.0-rc.5 CVE
LOW 2.3 CVE-2026-9610

Multiple Vulnerabilities in IBM Datacap

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 expose resources or functionality that isn't linked in the U...

IBM Datacap 9.1.7 CVE