
aiohttp

registry: PyPI
package name: aiohttp
maintainer: aiohttp Contributors

aiohttp is an async HTTP client and server library for Python built on asyncio. It is used in high-throughput Python services, web scrapers, and as the server component of some web frameworks. Many LangChain integrations use aiohttp for async API calls to external services.

api usage

Checking aiohttp

aiohttp 3.10.0 is a clean version with no known supply chain compromise. The response reports a risk_state of none and compromised: false with an empty sources array, so every advisory field under supply_chain is null.

```bash
curl "https://api.attestd.io/v1/check?product=aiohttp&version=3.10.0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "aiohttp",
  "version": "3.10.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```
attack surface

Why this package is monitored

Async HTTP libraries handle concurrent outbound requests in a single event loop. A compromised version can intercept multiple parallel API calls simultaneously, making it more efficient at harvesting tokens than synchronous HTTP clients.

Attestd monitors aiohttp using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.
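The following is an added example, not Attestd's own client code: it builds the check request shown in the api usage section and turns a response into an install verdict, ranking a compromised finding by the highest confidence among the detection sources listed above. It assumes that each entry in supply_chain.sources is either the source name as a string or an object with a "source" field, which the page does not specify; the flagged sample uses a placeholder package, not a real advisory.

```python
"""Gate a dependency install on an Attestd /v1/check response (added example)."""
import json
from urllib.parse import urlencode

API_BASE = "https://api.attestd.io/v1/check"  # endpoint from the curl call above

# Detection sources and the confidence this page assigns to each.
SOURCE_CONFIDENCE = {"registry": 1.0, "osv": 0.95, "pypi_yank": 0.80}


def build_request(product, version, api_key):
    """Return (url, headers) for the check call; no network access is made here."""
    url = f"{API_BASE}?{urlencode({'product': product, 'version': version})}"
    return url, {"Authorization": f"Bearer {api_key}"}


def evaluate(response):
    """Map a check response to {"allow", "reason", "confidence"}.

    Assumption (not stated on the page): sources entries are either a source
    name string or an object carrying the name under "source".
    """
    if not response.get("supported", False):
        # Fail closed: a version Attestd does not track has no clean bill.
        return {"allow": False, "reason": "unsupported", "confidence": 0.0}
    sc = response["supply_chain"]
    if not sc["compromised"]:
        return {"allow": True, "reason": "clean", "confidence": 1.0}
    names = [s if isinstance(s, str) else s.get("source", "") for s in sc["sources"]]
    # A finding is only as strong as its best-vetted source (unknown sources count 0).
    confidence = max((SOURCE_CONFIDENCE.get(n, 0.0) for n in names), default=0.0)
    return {"allow": False, "reason": "compromised via " + (",".join(names) or "unknown"),
            "confidence": confidence}


# Constructed sample: the clean aiohttp 3.10.0 response shown above.
CLEAN = json.loads("""
{"product": "aiohttp", "version": "3.10.0", "supported": true, "risk_state": "none",
 "supply_chain": {"compromised": false, "sources": [], "malware_type": null,
  "description": null, "advisory_url": null, "compromised_at": null, "removed_at": null},
 "last_updated": "2026-05-01T00:00:00Z"}
""")

# Constructed sample for a placeholder package (not a real advisory) to exercise the deny path.
FLAGGED = {"product": "example-pkg", "version": "0.0.0", "supported": True,
           "supply_chain": {"compromised": True, "sources": ["osv", {"source": "pypi_yank"}]}}

if __name__ == "__main__":
    for r in (CLEAN, FLAGGED):
        print(r["product"], r["version"], evaluate(r))
```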

related