297 matches found
ROOT-APP-PYPI-CVE-2026-48817 CVE-2026-48817 in rootio-starlette - Patched by Root
Root has patched CVE-2026-48817 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-48710 CVE-2026-48710 in rootio-starlette - Patched by Root
Root has patched CVE-2026-48710 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-62727 CVE-2025-62727 in rootio-starlette - Patched by Root
Root has patched CVE-2025-62727 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-48818 CVE-2026-48818 in rootio-starlette - Patched by Root
Root has patched CVE-2026-48818 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-54283 CVE-2026-54283 in rootio-starlette - Patched by Root
Root has patched CVE-2026-54283 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-54121 CVE-2025-54121 in rootio-starlette - Patched by Root
Root has patched CVE-2025-54121 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-54282 CVE-2026-54282 in rootio-starlette - Patched by Root
Root has patched CVE-2026-54282 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
Starlette - Improper Validation of Unsafe Equivalence in Input
A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...
ROOT-APP-PYPI-CVE-2023-30798 CVE-2023-30798 in rootio-starlette - Patched by Root
Root has patched CVE-2023-30798 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-47874 CVE-2024-47874 in rootio-starlette - Patched by Root
Root has patched CVE-2024-47874 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
LiteLLM - Command Injection
A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...
CVE-2026-54283
A flaw was found in Starlette where the request.form method silently ignores configured resource limits maxfields and maxpartsize when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number...
Security update for python-starlette (important)
openSUSE security update: security update for python-starlette ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21053-1 Rating: important References: bsc1268389 bsc1268517 bsc1268520 Cross-References: CVE-2026-48817 CVE-2026-54282 CVE-2026-54283 CVSS...
CVE-2026-54282
A flaw was found in Starlette, a lightweight Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.3.0, the HTTP request path was not properly validated when reconstructing the request.url. A remote attacker could craft a malicious HTTP request path that does not begin with a...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-sentry-sdk: python3-sentry-sdk+aiohttp-2.48.0-6.hum1 noarch python3-sentry-sdk+asyncpg-2.48.0-6.hum1 noarch python3-sentry-sdk+bottle-2.48.0-6.hum1 noarch...
SUSE-SU-2026:22360-1 Security update for python-starlette
This update for python-starlette fixes the following issues - CVE-2026-48817: arbitrary HTTP method dispatched to HTTPEndpoint attributes via getattr bsc1268389. - CVE-2026-54282: request path that lacks a leading forward slash can lead to request.url.hostname manipulation bsc1268520. -...
OPENSUSE-SU-2026:21053-1 Security update for python-starlette
This update for python-starlette fixes the following issues - CVE-2026-48817: arbitrary HTTP method dispatched to HTTPEndpoint attributes via getattr bsc1268389. - CVE-2026-54282: request path that lacks a leading forward slash can lead to request.url.hostname manipulation bsc1268520. -...
CVE-2026-48746 vLLM: OpenAI auth bypass
vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...
CVE-2026-48746
vLLM OpenAI auth bypass (CVE-2026-48746) affects vLLM versions 0.3.0 through 0.21.0. Root cause: ASGI servers and Starlette trust the Host header from the request scope, enabling manipulation of the reconstructed URL path and bypassing the OpenAI API AuthenticationMiddleware for routes beginning ...
CVE-2026-48746 vLLM: OpenAI auth bypass
vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...