Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/starlette@1.1.0-1?distro=trixie
Typedeb
Namespacedebian
Namestarlette
Version1.1.0-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2c5q-buqw-u7ex
vulnerability_id VCID-2c5q-buqw-u7ex
summary 
BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks
Starlette reconstructs the requested URL based on the HTTP Host request header and requested path, but does not perform any validation of the Host header value. This allows attackers to inject paths into the host part, prepending the actual path. However, routing in Starlette is based on the actual request path. This inconsistent interpretation of HTTP requests may lead to issues such as authentication bypass when the authentication depends on the reconstructed URL’s path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48710.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48710.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-48710
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57973
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-48710
2
reference_url https://badhost.org
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://badhost.org
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48710
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48710
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/Kludex/starlette
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Kludex/starlette
6
reference_url https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
7
reference_url https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-48710
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-48710
10
reference_url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette
11
reference_url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/
reference_id
reference_type
scores
url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/
12
reference_url https://www.secwest.net/starlette
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://www.secwest.net/starlette
13
reference_url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette
14
reference_url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette/
reference_id
reference_type
scores
url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette/
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137375
reference_id 1137375
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137375
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2481742
reference_id 2481742
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2481742
17
reference_url https://github.com/advisories/GHSA-86qp-5c8j-p5mr
reference_id GHSA-86qp-5c8j-p5mr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-86qp-5c8j-p5mr
18
reference_url https://access.redhat.com/errata/RHSA-2026:22992
reference_id RHSA-2026:22992
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22992
19
reference_url https://access.redhat.com/errata/RHSA-2026:22993
reference_id RHSA-2026:22993
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22993
20
reference_url https://access.redhat.com/errata/RHSA-2026:23346
reference_id RHSA-2026:23346
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23346
fixed_packages
0
url pkg:deb/debian/starlette@0.26.1-1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%3Fdistro=trixie
1
url pkg:deb/debian/starlette@0.26.1-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.46.1-3%252Bdeb13u1%3Fdistro=trixie
3
url pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.46.1-3%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/starlette@1.1.0-1?distro=trixie
purl pkg:deb/debian/starlette@1.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@1.1.0-1%3Fdistro=trixie
aliases CVE-2026-48710, GHSA-86qp-5c8j-p5mr, PYSEC-2026-161, X41-2026-002
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c5q-buqw-u7ex
1
url VCID-6wzh-4g3t-93gv
vulnerability_id VCID-6wzh-4g3t-93gv
summary 
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's `FileResponse` Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files (e.g., `StaticFiles` or any use of `FileResponse`).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62727.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62727
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.21137
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62727
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/Kludex/starlette
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Kludex/starlette
4
reference_url https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T20:36:34Z/
url https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5
5
reference_url https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T20:36:34Z/
url https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c
6
reference_url https://github.com/Kludex/starlette/releases/tag/0.49.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T20:36:34Z/
url https://github.com/Kludex/starlette/releases/tag/0.49.1
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119662
reference_id 1119662
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119662
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406929
reference_id 2406929
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2406929
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62727
reference_id CVE-2025-62727
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62727
10
reference_url https://github.com/advisories/GHSA-7f5h-v6xp-fcq8
reference_id GHSA-7f5h-v6xp-fcq8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7f5h-v6xp-fcq8
11
reference_url https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8
reference_id GHSA-7f5h-v6xp-fcq8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-28T20:36:34Z/
url https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8
12
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
13
reference_url https://access.redhat.com/errata/RHSA-2025:23078
reference_id RHSA-2025:23078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23078
14
reference_url https://access.redhat.com/errata/RHSA-2025:23079
reference_id RHSA-2025:23079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23079
15
reference_url https://access.redhat.com/errata/RHSA-2025:23080
reference_id RHSA-2025:23080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23080
16
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
17
reference_url https://access.redhat.com/errata/RHSA-2025:23133
reference_id RHSA-2025:23133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23133
18
reference_url https://access.redhat.com/errata/RHSA-2025:23531
reference_id RHSA-2025:23531
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23531
19
reference_url https://access.redhat.com/errata/RHSA-2026:22993
reference_id RHSA-2026:22993
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22993
20
reference_url https://access.redhat.com/errata/RHSA-2026:3461
reference_id RHSA-2026:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3461
21
reference_url https://access.redhat.com/errata/RHSA-2026:3462
reference_id RHSA-2026:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3462
fixed_packages
0
url pkg:deb/debian/starlette@0?distro=trixie
purl pkg:deb/debian/starlette@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0%3Fdistro=trixie
1
url pkg:deb/debian/starlette@0.14.1-1?distro=trixie
purl pkg:deb/debian/starlette@0.14.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c5q-buqw-u7ex
1
vulnerability VCID-71x5-qbjg-ukfq
2
vulnerability VCID-8crr-rfdt-p7bq
3
vulnerability VCID-vgxy-kjyx-bqfm
4
vulnerability VCID-z97b-rhv4-17c5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.14.1-1%3Fdistro=trixie
2
url pkg:deb/debian/starlette@0.26.1-1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%3Fdistro=trixie
3
url pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.46.1-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/starlette@0.50.0-1?distro=trixie
purl pkg:deb/debian/starlette@0.50.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.50.0-1%3Fdistro=trixie
5
url pkg:deb/debian/starlette@1.1.0-1?distro=trixie
purl pkg:deb/debian/starlette@1.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@1.1.0-1%3Fdistro=trixie
aliases CVE-2025-62727, GHSA-7f5h-v6xp-fcq8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wzh-4g3t-93gv
2
url VCID-71x5-qbjg-ukfq
vulnerability_id VCID-71x5-qbjg-ukfq
summary 
Starlette Denial of service (DoS) via multipart/form-data
Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to a halt, or the OS terminates the server process with an OOM error. Uploading multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47874.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47874.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47874
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31288
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47874
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47874
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
5
reference_url https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:23:43Z/
url https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085295
reference_id 1085295
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085295
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2318801
reference_id 2318801
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2318801
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47874
reference_id CVE-2024-47874
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47874
9
reference_url https://github.com/advisories/GHSA-f96h-pmfr-66vw
reference_id GHSA-f96h-pmfr-66vw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f96h-pmfr-66vw
10
reference_url https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
reference_id GHSA-f96h-pmfr-66vw
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:23:43Z/
url https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
fixed_packages
0
url pkg:deb/debian/starlette@0.26.1-1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%3Fdistro=trixie
1
url pkg:deb/debian/starlette@0.26.1-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/starlette@0.41.0-1?distro=trixie
purl pkg:deb/debian/starlette@0.41.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.41.0-1%3Fdistro=trixie
3
url pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.46.1-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/starlette@1.1.0-1?distro=trixie
purl pkg:deb/debian/starlette@1.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@1.1.0-1%3Fdistro=trixie
aliases CVE-2024-47874, GHSA-f96h-pmfr-66vw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71x5-qbjg-ukfq
3
url VCID-8crr-rfdt-p7bq
vulnerability_id VCID-8crr-rfdt-p7bq
summary There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30798
reference_id
reference_type
scores
0
value 0.0196
scoring_system epss
scoring_elements 0.83852
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30798
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30798
2
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
3
reference_url https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:30:33Z/
url https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
4
reference_url https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:30:33Z/
url https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-48.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-48.yaml
6
reference_url https://vulncheck.com/advisories/starlette-multipartparser-dos
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:30:33Z/
url https://vulncheck.com/advisories/starlette-multipartparser-dos
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30798
reference_id CVE-2023-30798
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30798
8
reference_url https://github.com/advisories/GHSA-74m5-2c7w-9w3x
reference_id GHSA-74m5-2c7w-9w3x
reference_type
scores
url https://github.com/advisories/GHSA-74m5-2c7w-9w3x
fixed_packages
0
url pkg:deb/debian/starlette@0.25.0-1?distro=trixie
purl pkg:deb/debian/starlette@0.25.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.25.0-1%3Fdistro=trixie
1
url pkg:deb/debian/starlette@0.26.1-1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%3Fdistro=trixie
2
url pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.46.1-3%252Bdeb13u1%3Fdistro=trixie
3
url pkg:deb/debian/starlette@1.1.0-1?distro=trixie
purl pkg:deb/debian/starlette@1.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@1.1.0-1%3Fdistro=trixie
aliases CVE-2023-30798, GHSA-74m5-2c7w-9w3x, GMS-2023-353, PYSEC-2023-48
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8crr-rfdt-p7bq
4
url VCID-vgxy-kjyx-bqfm
vulnerability_id VCID-vgxy-kjyx-bqfm
summary Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29159
reference_id
reference_type
scores
0
value 0.01591
scoring_system epss
scoring_elements 0.82025
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29159
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29159
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29159
2
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
3
reference_url https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174
4
reference_url https://github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3
5
reference_url https://github.com/encode/starlette/releases/tag/0.27.0
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T19:18:22Z/
url https://github.com/encode/starlette/releases/tag/0.27.0
6
reference_url https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T19:18:22Z/
url https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-83.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-83.yaml
8
reference_url https://jvn.jp/en/jp/JVN95981715
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN95981715
9
reference_url https://jvn.jp/en/jp/JVN95981715/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T19:18:22Z/
url https://jvn.jp/en/jp/JVN95981715/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29159
reference_id CVE-2023-29159
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29159
11
reference_url https://github.com/advisories/GHSA-v5gw-mw7f-84px
reference_id GHSA-v5gw-mw7f-84px
reference_type
scores
url https://github.com/advisories/GHSA-v5gw-mw7f-84px
fixed_packages
0
url pkg:deb/debian/starlette@0.26.1-1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%3Fdistro=trixie
1
url pkg:deb/debian/starlette@0.26.1-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/starlette@0.28.0-1?distro=trixie
purl pkg:deb/debian/starlette@0.28.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.28.0-1%3Fdistro=trixie
3
url pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.46.1-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/starlette@1.1.0-1?distro=trixie
purl pkg:deb/debian/starlette@1.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@1.1.0-1%3Fdistro=trixie
aliases CVE-2023-29159, GHSA-v5gw-mw7f-84px, GMS-2023-1556, PYSEC-2023-83
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgxy-kjyx-bqfm
5
url VCID-z97b-rhv4-17c5
vulnerability_id VCID-z97b-rhv4-17c5
summary 
Starlette has possible denial-of-service vector when parsing large files in multipart forms
When parsing a multi-part form with large files (greater than the [default max spool size](https://github.com/encode/starlette/blob/fa5355442753f794965ae1af0f87f9fec1b9a3de/starlette/formparsers.py#L126)) `starlette` will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54121.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54121
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48651
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54121
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54121
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
5
reference_url https://github.com/encode/starlette/blob/fa5355442753f794965ae1af0f87f9fec1b9a3de/starlette/datastructures.py#L436C5-L447C14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:54:16Z/
url https://github.com/encode/starlette/blob/fa5355442753f794965ae1af0f87f9fec1b9a3de/starlette/datastructures.py#L436C5-L447C14
6
reference_url https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:54:16Z/
url https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1
7
reference_url https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:54:16Z/
url https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109805
reference_id 1109805
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109805
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2382496
reference_id 2382496
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2382496
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54121
reference_id CVE-2025-54121
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54121
11
reference_url https://github.com/advisories/GHSA-2c2j-9gv5-cj73
reference_id GHSA-2c2j-9gv5-cj73
reference_type
scores
url https://github.com/advisories/GHSA-2c2j-9gv5-cj73
12
reference_url https://github.com/encode/starlette/security/advisories/GHSA-2c2j-9gv5-cj73
reference_id GHSA-2c2j-9gv5-cj73
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:54:16Z/
url https://github.com/encode/starlette/security/advisories/GHSA-2c2j-9gv5-cj73
fixed_packages
0
url pkg:deb/debian/starlette@0.26.1-1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%3Fdistro=trixie
1
url pkg:deb/debian/starlette@0.26.1-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/starlette@0.26.1-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.26.1-1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/starlette@0.46.1-3?distro=trixie
purl pkg:deb/debian/starlette@0.46.1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.46.1-3%3Fdistro=trixie
3
url pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/starlette@0.46.1-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@0.46.1-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/starlette@1.1.0-1?distro=trixie
purl pkg:deb/debian/starlette@1.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@1.1.0-1%3Fdistro=trixie
aliases CVE-2025-54121, GHSA-2c2j-9gv5-cj73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z97b-rhv4-17c5
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/starlette@1.1.0-1%3Fdistro=trixie