pkg:PyPI/starlette

All known vulnerabilities

• HIGH7.5CVE-2025-62727Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
  >= 0.39.0, < 0.49.1
• HIGH7.5CVE-2024-24762Duplicate Advisory: FastAPI Content-Type Header ReDoS
  from 0, < 0.36.2
• HIGH7.5CVE-2023-30798MultipartParser denial of service with too many fields or files
  from 0, < 8c74c2c8dba7030154f8af18e016136bea1938fa | from 0, < 0.25.0
• HIGH7.5MultipartParser denial of service with too many fields or files
  from 0, < 0.25.0
• MEDIUM6.5BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks
  from 0, < 1.0.1
• MEDIUM6.5BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks
  from 0, < 1.0.1
• MEDIUM5.3Starlette has possible denial-of-service vector when parsing large files in multipart forms
  from 0, < 0.47.2
• LOW3.7Starlette has Path Traversal vulnerability in StaticFiles
  >= 0.13.5, < 0.27.0
• LOW3.7Starlette has Path Traversal vulnerability in StaticFiles
  >= 0.13.5, < 0.27.0
• NONE0.0Starlette Denial of service (DoS) via multipart/form-data
  from 0, < 0.40.0