UBUNTU-CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the...

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

Linux Distros Unpatched Vulnerability : CVE-2026-48817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the...

CVE-2026-48817 Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

Allocation of Resources Without Limits or Throttling

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request.form. An attacker can exhaust system resources and disrupt service availability by submitting a specially crafted...

GHSA-82W8-QH3P-5JFQ Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Summary request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...

Use of Incorrectly-Resolved Name or Reference

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in the reconstruction of request.url when the HTTP request path does not begin with /. An attacker can mislead the application into trusti...

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Summary In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the pa...

01os (>=0.0.1 <=0.0.14), 2025-assignment2-expenses-manager (>=0.1.1 <=0.1.7) +5785 more potentially affected by CVE-2026-48710 via starlette (>=0.20.2 <=1.0.0rc1)

starlette PYPI version =0.20.2, =0.0.1, =0.1.1, =0.5.3, =0.1.3, =0.1.0, =0.1.1, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.1.18 and more Source cves: CVE-2026-48710 Source advisory: OSV:GHSA-86QP-5C8J-P5MR...

The vulnerability was concealed in Starlette

There is a vulnerability in Starlette, a Python library for developing web services. Starlette is used by various products, including FastAPI. An unauthorized malicious actor can exploit this vulnerability to bypass authentication checks. This allows the malicious actor to access protected URL...

Debian dsa-6302 : python3-starlette - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6302 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6302-1 [email protected]...

360solutions-bc-mcp (>=0.5.3 <=0.5.6), ariadne (>=0.17.0 <=0.17.1b1) +24 more potentially affected by CVE-2026-48710 via starlette (>=1.0.0 <=1.0.0rc1)

starlette PYPI version =1.0.0, =0.5.3, =0.17.0, =7.2.0, =0.21.0, =1.9.13, =0.8.1, =1.1.2, =0.8.1, =2.10.0, =0.0.1a25, =0.0.1a78 - pioarduino =6.1.19 and more Source cves: CVE-2026-48710 Source advisory: SNYK:PYTHON-STARLETTE-16881242...

01os (>=0.0.1 <=0.0.14), 2025-assignment2-expenses-manager (>=0.1.1 <=0.1.7) +5785 more potentially affected by CVE-2026-48710 via starlette (>=0.20.2 <=1.0.0rc1)

starlette PYPI version =0.20.2, =0.0.1, =0.1.1, =0.5.3, =0.1.3, =0.1.0, =0.1.1, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.1.18 and more Source cves: CVE-2026-48710 Source advisory: OSV:PYSEC-2026-161...

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2025-62727, CVE-2025-58754)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses Starlette dependency which is vulnerable to CVE-2025-62727.

Summary IBM Maximo Application Suite - Visual Inspection Component uses Starlette dependency which is vulnerable to CVE-2025-62727. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette is a lightweigh...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2025-54121]

Summary Python module starlette is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported...

Security Bulletin: Astronomer with IBM is vulnerable to event thread locking due to the starlette package (CVE-2025-54121)

Summary Starlette is used by Astronomer with IBM as part of the request processing functionality. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF007

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF007 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway...

Linux Distros Unpatched Vulnerability : CVE-2025-62727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP...