Litestar-org Litestar
7 CVEs affecting Litestar-org Litestar. Latest disclosed: 2026-02-09. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-42370 | High | 8.3 | 2024-08-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to En… |
| CVE-2024-32982 | High | 8.2 | 2024-05-06 | Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerabilit… |
| CVE-2025-59152 | High | 7.5 | 2025-10-06 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In version 2.17.0, rate limits can be completely bypassed by manipulating the X-Forwarde… |
| CVE-2026-25478 | High | 7.4 | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built fro… |
| CVE-2026-25480 | Medium | 6.5 | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization… |
| CVE-2026-25479 | Medium | 6.5 | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled in… |
| CVE-2024-52581 | | | 2024-11-20 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the ent… |