Encode Starlette
6 CVEs affecting Encode Starlette. Latest disclosed: 2026-05-26. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-24762 | High | 7.5 | 2024-02-05 | `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Ty… |
CVE-2023-30798 | High | 7.5 | 2023-04-21 | There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number o… |
CVE-2026-48710 | Medium | 6.5 | 2026-05-26 | Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `r… |
CVE-2025-54121 | Medium | 5.3 | 2025-07-21 | Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47… |
CVE-2024-47874 | | 2024-10-15 | Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a… | |
CVE-2023-29159 | | 2023-06-01 | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web se… |