CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

Cvelist•added 2026/02/09 6:49 p.m.•25 views

CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

6.5CVSS0.00021EPSS

Exploits1References4

Fedora•added 2025/11/05 2:13 a.m.•5 views

[SECURITY] Fedora 43 Update: python-starlette-0.49.1-1.fc43

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...

8.1CVSS7AI score0.00017EPSS

Exploits1

NVD•added 2025/07/21 8:15 p.m.•4 views

CVE-2025-54121

Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

5.3CVSS0.0025EPSS

Exploits0References4

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874 Vulnerability Details CVEID:CVE-2024-47874 DESCRIPTION: Starlette is an Asynchronous Server Gateway Interface ASGI...

8.7CVSS6.1AI score0.00125EPSS

Exploits0Affected Software1

NVD•added 2024/11/20 9:15 p.m.•52 views

CVE-2024-52581

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...

8.2CVSS0.00445EPSS

Exploits1References4

PyPA•added 2024/11/20 9:15 p.m.•6 views

PYSEC-2024-178

8.2CVSS7.2AI score0.01275EPSS

Exploits2References5Affected Software1

Cvelist•added 2024/11/20 8:50 p.m.•15 views

CVE-2024-52581 Litestar allows unbounded resource consumption (DoS vulnerability)

8.2CVSS0.00445EPSS

Exploits1References4

Vulnrichment•added 2024/11/20 8:50 p.m.•10 views

CVE-2024-52581 Litestar allows unbounded resource consumption (DoS vulnerability)

8.2CVSS6.4AI score0.00445EPSS

Exploits1References4

OSV•added 2024/11/20 8:50 p.m.•12 views

CVE-2024-52581 Litestar allows unbounded resource consumption (DoS vulnerability)

8.2CVSS7.6AI score0.00445EPSS

Exploits1References6

Vulnrichment•added 2024/10/15 3:45 p.m.•20 views

CVE-2024-47874 Starlette Denial of service (DoS) via multipart/form-data

Starlette is an Asynchronous Server Gateway Interface ASGI framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...

8.7CVSS7AI score0.00125EPSS

Exploits0References2

NVD•added 2024/08/12 1:38 p.m.•10 views

CVE-2024-42370

Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3CVSS0.00985EPSS

Exploits0References4

Vulnrichment•added 2024/08/09 6:29 p.m.•13 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

8.3CVSS8.3AI score0.00985EPSS

Exploits0References4

OSV•added 2024/08/09 6:29 p.m.•7 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

8.3CVSS7AI score0.00985EPSS

Exploits0References6

CVE•added 2024/05/06 2:38 p.m.•55 views

CVE-2024-32982

Litestar/Starlite static file serving is affected by a Local File Inclusion (LFI) due to an unsafe path handling implementation in litestar/static_files/base.py. Prior to versions 2.8.3, 2.7.2, and 2.6.4, this path traversal flaw can allow an attacker to access files outside the intended static d...

8.2CVSS7.7AI score0.00297EPSS

Exploits0References3

OpenVAS•added 2023/05/27 12:0 a.m.•8 views

Fedora: Security Advisory for python-starlette (FEDORA-2023-b082504356)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score

Exploits0References2

OpenVAS•added 2023/05/27 12:0 a.m.•12 views

Fedora: Security Advisory for python-starlette (FEDORA-2023-9329cee69d)

7.5AI score

Exploits0References2

NVD•added 2023/02/15 3:15 p.m.•9 views

CVE-2023-25578

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

7.5CVSS7.5AI score0.01275EPSS

Exploits1References3

OSV•added 2023/02/15 3:15 p.m.•14 views

PYSEC-2023-49

7.5CVSS7.5AI score0.01275EPSS

Exploits1References3