Packages you depend on that have known security holes (CVEs).
-
Serious CVE-2025-1793 llama-index: LlamaIndex SQL Injection Vulnerability
examples/tutorials/generate-test-data/requirements.txt
A package you depend on has a known security hole (CVE-2025-1793). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-69223 aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-69223). Fix: Update that package to its patched version.
-
Worth fixing CVE-2024-52304 aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2024-52304). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-69227 aiohttp: aiohttp: Denial of Service via specially crafted POST request
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-69227). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-69228 aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-69228). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-69229 aiohttp: AIOHTTP: Denial of Service via excessive CPU usage in chunked message handling
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-69229). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-22815 aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-22815). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-34515 aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-34515). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-34516 aiohttp: AIOHTTP: Denial of Service via excessive multipart headers
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-34516). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-34525 aiohttp: aiohttp: Security bypass via multiple Host headers
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-34525). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-34993 aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-34993). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-47265 python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-47265). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-54273 aiohttp: AIOHTTP: Denial of Service via excessive pipelined requests
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-54273). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-54274 aiohttp: aiohttp: Denial of Service via incomplete websocket frame payloads
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-54274). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-54276 aiohttp: aiohttp: Information disclosure via DigestAuthMiddleware after cross-origin redirect
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-54276). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-54277 aiohttp: aiohttp: Denial of Service via oversized HTTP request lines bypassing max_line_size check
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-54277). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-54278 aiohttp: aiohttp: Denial of Service due to excessive memory consumption from compressed request body
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-54278). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-24986 Azure PromptFlow remote code execution related to Jinja templates
benchmark/promptflow-serve/pf_flows/flex_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-24986). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-69223 aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
benchmark/promptflow-serve/pf_flows/static_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-69223). Fix: Update that package to its patched version.
-
Worth fixing CVE-2024-52304 aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
benchmark/promptflow-serve/pf_flows/static_async/requirements.txt
A package you depend on has a known security hole (CVE-2024-52304). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-69227 aiohttp: aiohttp: Denial of Service via specially crafted POST request
benchmark/promptflow-serve/pf_flows/static_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-69227). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-69228 aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request
benchmark/promptflow-serve/pf_flows/static_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-69228). Fix: Update that package to its patched version.
-
Worth fixing CVE-2025-69229 aiohttp: AIOHTTP: Denial of Service via excessive CPU usage in chunked message handling
benchmark/promptflow-serve/pf_flows/static_async/requirements.txt
A package you depend on has a known security hole (CVE-2025-69229). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-22815 aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling
benchmark/promptflow-serve/pf_flows/static_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-22815). Fix: Update that package to its patched version.
-
Worth fixing CVE-2026-34515 aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows
benchmark/promptflow-serve/pf_flows/static_async/requirements.txt
A package you depend on has a known security hole (CVE-2026-34515). Fix: Update that package to its patched version.