HIGH 8.3 CVE-2024-42370 Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
from 0, <= 2.10.0
HIGH 8.2 CVE-2024-32982 Litestar and Starlite vulnerable to Path Traversal
>= 2.8.0, < 2.8.3
HIGH 8.1 CVE-2026-48060 Litestar has HTML Injection Through its CSRF Token
from 0, < 2.22.0
HIGH 7.5 Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion
>= 2.17.0, < 2.18.0
HIGH 7.5 Litestar allows unbounded resource consumption (DoS vulnerability)
from 0, < 2.13.0
HIGH 7.5 Litestar allows unbounded resource consumption (DoS vulnerability)
from 0, < 53c1473b5ff7502816a9a339ffc90731bb0c2138 | from 0, < 2.13.0
HIGH 7.4 Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins
>= 2.19.0, < 2.20.0
MEDIUM 6.5 Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
>= 2.19.0, < 2.20.0
MEDIUM 6.5 Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns
>= 2.19.0, < 2.20.0
MEDIUM 5.9 Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header
from 0, < 2.22.0