← Back to the AI Dependency AtlasExact package identity dossier

aiohttp

pypi:aiohttp
pypi

This dossier links the stable identity pypi:aiohttp to 9 exact observed versions across 10 public repositories.

pypipypi:aiohttpecosystem:name + exact version + evidence path

A package identity or provider interface in published code does not prove configuration, an account, procurement, data transfer or an API call.

ecosystem:name + exact version + evidence path
10repositories
10exact evidence rows
9exact versions
2reported license expressions
30OSV records returned
Exact published evidence

Observed exact versions and registry metadata

Publication age and licenses come from deps.dev metadata. They are context—not a maintenance, legal or portability verdict.

Exact version3.10.1113 Nov 2024
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0
verified publish attestation30 OSV records
Open exact source ↗
Exact version3.11.1118 Dec 2024
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0
verified publish attestation30 OSV records
Open exact source ↗
Exact version3.11.1821 Apr 2025
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0
verified publish attestation30 OSV records
Open exact source ↗
Exact version3.12.1314 Jun 2025
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0
verified publish attestation30 OSV records
Open exact source ↗
Exact version3.12.1529 Jul 2025
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 AND MIT
verified publish attestation29 OSV records
Open exact source ↗
Exact version3.13.117 Oct 2025
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 AND MIT
verified publish attestation29 OSV records
Open exact source ↗
Exact version3.13.228 Oct 2025
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 AND MIT
verified publish attestation29 OSV records
Open exact source ↗
Exact version3.13.303 Jan 2026
Repositories
2
Occurrences
2
Reported licenses
Apache-2.0 AND MIT
verified publish attestation21 OSV records
Open exact source ↗
Exact version3.14.107 Jun 2026
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 AND MIT
verified publish attestationNo OSV record returned for this exact version
Open exact source ↗
Observed relations

Repositories carrying this identity

kiva-llm-gatewaybaden-wuerttemberg/innenministerium/kiva.platform/kiva-llm-gateway
3.10.111 Occurrence
ai-websearch-benchmarkdatenlabor-bmz/ai-websearch-benchmark
3.13.31 Occurrence
MUCGPTlandeshauptstadt-muenchen/mucgpt
3.14.11 Occurrence
Coding Agent Usage Simulationuba-ki-lab/coding-agent-usage-simulation
3.13.11 Occurrence
density-mapsuba-ki-lab/density-maps
3.13.31 Occurrence
GSA Extractionuba-ki-lab/gsa-extraction
3.12.131 Occurrence
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
3.12.151 Occurrence
LLM Testframeworkuba-ki-lab/llm-testframework
3.11.181 Occurrence
Objection managementuba-ki-lab/objection-management
3.11.111 Occurrence
Retrieval Evaluationuba-ki-lab/retrieval-evaluation
3.13.21 Occurrence
Exact published evidence

exact evidence rows

ai-websearch-benchmarkdatenlabor-bmz/ai-websearch-benchmark
pypi:aiohttp@3.13.3uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Coding Agent Usage Simulationuba-ki-lab/coding-agent-usage-simulation
pypi:aiohttp@3.13.1uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
density-mapsuba-ki-lab/density-maps
pypi:aiohttp@3.13.3uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
GSA Extractionuba-ki-lab/gsa-extraction
pypi:aiohttp@3.12.13uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
kiva-llm-gatewaybaden-wuerttemberg/innenministerium/kiva.platform/kiva-llm-gateway
pypi:aiohttp@3.10.11poetry.lock
declaration relationship not reportednot marked as development-only
Open exact source ↗
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
pypi:aiohttp@3.12.15uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
LLM Testframeworkuba-ki-lab/llm-testframework
pypi:aiohttp@3.11.18uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
MUCGPTlandeshauptstadt-muenchen/mucgpt
pypi:aiohttp@3.14.1mucgpt-core-service/uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Objection managementuba-ki-lab/objection-management
pypi:aiohttp@3.11.11uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Retrieval Evaluationuba-ki-lab/retrieval-evaluation
pypi:aiohttp@3.13.2uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
OSV

Related OSV records

GHSA-2fqr-mr3j-6wp8

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

9 repositories13 Jul 2026
GHSA-2vrm-gr82-f7m5

AIOHTTP has CRLF injection through multipart part content type header construction

9 repositories13 Jul 2026
GHSA-3wq7-rqq7-wx6j

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

9 repositories13 Jul 2026
GHSA-4fvr-rgm6-gqmc

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

9 repositories13 Jul 2026
GHSA-4m7w-qmgq-4wj5

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

9 repositories27 Jun 2026
GHSA-54jq-c3m8-4m76

AIOHTTP vulnerable to brute-force leak of internal static file path components

7 repositories07 Jul 2026
GHSA-63hf-3vf5-4wqf

AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

9 repositories16 Jul 2026
GHSA-63hw-fmq6-xxg2

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

9 repositories13 Jul 2026
GHSA-69f9-5gxw-wvc2

AIOHTTP's unicode processing of header values could cause parsing discrepancies

7 repositories07 Jul 2026
GHSA-6jhg-hg63-jvvf

AIOHTTP vulnerable to denial of service through large payloads

7 repositories07 Jul 2026
GHSA-6mq8-rvhq-8wgg

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

7 repositories07 Jul 2026
GHSA-9548-qrrj-x5pj

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

4 repositories07 Jul 2026
GHSA-966j-vmvw-g2g9

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

9 repositories13 Jul 2026
GHSA-9x8q-7h8h-wcw9

aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

9 repositories13 Jul 2026
GHSA-c427-h43c-vf67

AIOHTTP accepts duplicate Host headers

9 repositories13 Jul 2026
GHSA-fh55-r93g-j68g

AIOHTTP Vulnerable to Cookie Parser Warning Storm

7 repositories07 Jul 2026
GHSA-g3cq-j2xw-wf74

aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

9 repositories13 Jul 2026
GHSA-g84x-mcqj-x9qq

AIOHTTP vulnerable to DoS through chunked messages

7 repositories07 Jul 2026
GHSA-hcc4-c3v8-rx92

AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector

9 repositories13 Jul 2026
GHSA-hg6j-4rv6-33pg

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

9 repositories13 Jul 2026
GHSA-hpj7-wq8m-9hgp

aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

9 repositories13 Jul 2026
GHSA-jg22-mg44-37j8

AIOHTTP is Vulnerable to Deserialization of Untrusted Data

9 repositories13 Jul 2026
GHSA-jj3x-wxrx-4x23

AIOHTTP vulnerable to DoS when bypassing asserts

7 repositories07 Jul 2026
GHSA-m5qp-6w8w-w647

AIOHTTP has a Multipart Header Size Bypass

9 repositories13 Jul 2026
GHSA-m6qw-4cw2-hm4m

aiohttp: CRLF injection in multipart headers

9 repositories13 Jul 2026
GHSA-mqqc-3gqh-h2x8

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

7 repositories07 Jul 2026
GHSA-mwh4-6h8g-pg8w

AIOHTTP has HTTP response splitting via \r in reason phrase

9 repositories13 Jul 2026
GHSA-p998-jp59-783m

AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

9 repositories13 Jul 2026
GHSA-w2fm-2cpv-w7v5

aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage

9 repositories13 Jul 2026
GHSA-xcgm-r5h9-7989

aiohttp: Incomplete websocket frame payloads bypass memory limits

9 repositories13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

Only exact npm and PyPI tuples are enriched. Reported SPDX expressions are metadata; no compatibility, obligation or legal conclusion is inferred.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): aiohttp — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/paket/aiohttp-5a806a63/

Reading this dossier

Does package presence prove that a provider is used?
No. Even a direct interface declaration does not establish configuration, credentials, procurement, data transfer or an API call.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools