starlette vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-54283 | High | starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS |
| CVE-2026-54282 | Low | Starlette: Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname |
| CVE-2026-48818 | High | starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows |
| CVE-2026-48817 | Medium | starlette: Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr` |
| CVE-2026-48710 | Medium | starlette: Starlette has missing Host header validation that poisons request.url.path, bypassing path-based… |
| CVE-2025-62727 | High | starlette: Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` |
| CVE-2025-54121 | Medium | starlette: Starlette has possible denial-of-service vector when parsing large files in multipart forms |
| CVE-2024-47874 | High | starlette: Starlette Denial of service (DoS) via multipart/form-data |
| CVE-2023-29159 | Medium | starlette: Starlette has Path Traversal vulnerability in StaticFiles |
| CVE-2023-30798 | High | starlette: MultipartParser denial of service with too many fields or files |
