10 matches found
CVE-2026-25479
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowedhosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., `.` matches any character). This enables a bypass...
3lc (>=2.19.0 <=2.21.3), litestar-htmx (>=0.1.0 <=0.3.0) +2 more potentially affected by CVE-2026-25480 via litestar (>=2.0.0b2 <=2.15.2)
litestar PYPI version =2.0.0b2, =2.19.0, =0.1.0, =0.2.0, =0.3.14, =0.3.35 Source cves: CVE-2026-25480 Source advisory: SNYK:PYTHON-LITESTAR-15253019...
Improper Handling of Unicode Encoding
Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding via the safefilename in the stores/file.py. An attacker can cause cached responses for one URL to be...
Incorrect Regular Expression
Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Incorrect Regular Expression via the allowedhosts host validation. An attacker can gain unauthorized access by supplying a specially crafted...
3lc (>=2.19.0 <=2.21.3), litestar-htmx (>=0.1.0 <=0.3.0) +2 more potentially affected by CVE-2025-59152 via litestar (>=2.0.0b2 <=2.15.2)
litestar PYPI version =2.0.0b2, =2.19.0, =0.1.0, =0.2.0, =0.3.14, =0.3.35 Source cves: CVE-2025-59152 Source advisory: SNYK:PYTHON-LITESTAR-13433195...
3lc (>=2.19.0 <=2.21.3), litestar-htmx (>=0.1.0 <=0.3.0) +2 more potentially affected by unknown CVE via litestar (>=2.0.0b2 <=2.15.2)
litestar PYPI version =2.0.0b2, =2.19.0, =0.1.0, =0.2.0, =0.3.14, =0.3.35 Source cves: unknown CVE Source advisory: OSV:GHSA-674P-XV2X-RF3G...
3lc (>=2.19.0 <=2.21.3), litestar-htmx (>=0.1.0 <=0.3.0) +2 more potentially affected by unknown CVE via litestar (>=2.0.0b2 <=2.15.2)
litestar PYPI version =2.0.0b2, =2.19.0, =0.1.0, =0.2.0, =0.3.14, =0.3.35 Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITESTAR-11776954...
Denial Of Service (DoS)
litestar is vulnerable to Denial of Service (DoS). The vulnerability is due to the multipart form parser, which expects the entire request body as a single byte string without a default size limit, allowing attackers to cause excessive memory consumption by uploading arbitrarily large files...
Allocation of Resources Without Limits or Throttling
Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of size limits or size checks when reading the request body into memory v...
litestar-htmx (>=0.1.0 <=0.2.4), niapi (>=0.2.0 <=0.5.0) +1 more potentially affected by CVE-2024-52581 via litestar (>=2.0.0b2 <=2.12.1)
litestar PYPI version =2.0.0b2, =0.1.0, =0.2.0, =0.3.14, =0.3.35 Source cves: CVE-2024-52581 Source advisory: OSV:PYSEC-2024-178...