Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/starlette@0.8.2
Typepypi
Namespace
Namestarlette
Version0.8.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.0.1
Latest_non_vulnerable_version1.0.1
Affected_by_vulnerabilities
0
url VCID-48zt-t6j2-efcg
vulnerability_id VCID-48zt-t6j2-efcg
summary Duplicate Advisory: Starlette Content-Type Header ReDoS
references
0
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
1
reference_url https://github.com/advisories/GHSA-93gm-qmq6-w238
reference_id GHSA-93gm-qmq6-w238
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93gm-qmq6-w238
2
reference_url https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238
reference_id GHSA-93gm-qmq6-w238
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238
fixed_packages
0
url pkg:pypi/starlette@0.36.2
purl pkg:pypi/starlette@0.36.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65ct-ffep-m3cq
1
vulnerability VCID-mwyw-5gax-ubdh
2
vulnerability VCID-wdhk-wxfs-nyge
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.36.2
aliases GHSA-93gm-qmq6-w238, GMS-2024-92
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48zt-t6j2-efcg
1
url VCID-65ct-ffep-m3cq
vulnerability_id VCID-65ct-ffep-m3cq
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48710.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48710.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-48710
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.58156
published_at 2026-06-12T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.58043
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-48710
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48710
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48710
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Kludex/starlette
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Kludex/starlette
5
reference_url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/
reference_id
reference_type
scores
url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/
6
reference_url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette/
reference_id
reference_type
scores
url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette/
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137375
reference_id 1137375
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137375
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2481742
reference_id 2481742
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2481742
9
reference_url https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
reference_id 764dab0dcfb9033d75442d7a359645c9f94648c6
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
10
reference_url https://badhost.org
reference_id badhost.org
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://badhost.org
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-48710
reference_id CVE-2026-48710
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-48710
12
reference_url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette
reference_id disclosing-the-badhost-vulnerability-in-starlette
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette
13
reference_url https://github.com/advisories/GHSA-86qp-5c8j-p5mr
reference_id GHSA-86qp-5c8j-p5mr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-86qp-5c8j-p5mr
14
reference_url https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
reference_id GHSA-86qp-5c8j-p5mr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
15
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml
reference_id PYSEC-2026-161.yaml
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml
16
reference_url https://access.redhat.com/errata/RHSA-2026:22992
reference_id RHSA-2026:22992
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22992
17
reference_url https://access.redhat.com/errata/RHSA-2026:22993
reference_id RHSA-2026:22993
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22993
18
reference_url https://access.redhat.com/errata/RHSA-2026:23346
reference_id RHSA-2026:23346
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23346
19
reference_url https://access.redhat.com/errata/RHSA-2026:24866
reference_id RHSA-2026:24866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:24866
20
reference_url https://www.secwest.net/starlette
reference_id starlette
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://www.secwest.net/starlette
21
reference_url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette
reference_id x41-2026-002-starlette
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:22:19Z/
url https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette
fixed_packages
0
url pkg:pypi/starlette@1.0.1
purl pkg:pypi/starlette@1.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@1.0.1
aliases CVE-2026-48710, GHSA-86qp-5c8j-p5mr, PYSEC-2026-161, X41-2026-002
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65ct-ffep-m3cq
2
url VCID-7qz6-kc59-f7h1
vulnerability_id VCID-7qz6-kc59-f7h1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24762
reference_id
reference_type
scores
0
value 0.03333
scoring_system epss
scoring_elements 0.87567
published_at 2026-06-11T12:55:00Z
1
value 0.03333
scoring_system epss
scoring_elements 0.8761
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24762
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24762
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24762
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/github/advisory-database/pull/4829
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/4829
4
reference_url https://github.com/Kludex/python-multipart
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Kludex/python-multipart
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/fastapi/PYSEC-2024-38.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/fastapi/PYSEC-2024-38.yaml
6
reference_url https://github.com/tiangolo/fastapi/releases/tag/0.109.1
reference_id 0.109.1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:44:44Z/
url https://github.com/tiangolo/fastapi/releases/tag/0.109.1
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063538
reference_id 1063538
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063538
8
reference_url https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5
reference_id 13e5c26a27f4903924624736abd6131b2da80cc5
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:44:44Z/
url https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5
9
reference_url https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4
reference_id 20f0ef6b4e4caf7d69a667c54dff57fe467109a4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:44:44Z/
url https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4
10
reference_url https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc
reference_id 9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:44:44Z/
url https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24762
reference_id CVE-2024-24762
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24762
12
reference_url https://github.com/advisories/GHSA-2jv5-9r88-3w3p
reference_id GHSA-2jv5-9r88-3w3p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2jv5-9r88-3w3p
13
reference_url https://github.com/Kludex/python-multipart/security/advisories/GHSA-2jv5-9r88-3w3p
reference_id GHSA-2jv5-9r88-3w3p
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:44:44Z/
url https://github.com/Kludex/python-multipart/security/advisories/GHSA-2jv5-9r88-3w3p
14
reference_url https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238
reference_id GHSA-93gm-qmq6-w238
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:44:44Z/
url https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238
15
reference_url https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
reference_id GHSA-qf9m-vfgh-m389
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:44:44Z/
url https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
16
reference_url https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74
reference_id multipart.py#L72-L74
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:44:44Z/
url https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74
17
reference_url https://usn.ubuntu.com/8027-1/
reference_id USN-8027-1
reference_type
scores
url https://usn.ubuntu.com/8027-1/
fixed_packages
0
url pkg:pypi/starlette@0.36.2
purl pkg:pypi/starlette@0.36.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65ct-ffep-m3cq
1
vulnerability VCID-mwyw-5gax-ubdh
2
vulnerability VCID-wdhk-wxfs-nyge
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.36.2
aliases CVE-2024-24762, GHSA-2jv5-9r88-3w3p, GMS-2024-249
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qz6-kc59-f7h1
3
url VCID-a7mk-yzxu-r7fy
vulnerability_id VCID-a7mk-yzxu-r7fy
summary 
Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-74m5-2c7w-9w3x. This link is maintained to preserve external references.

## Original Description
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
references
0
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30798
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30798
2
reference_url https://github.com/advisories/GHSA-3qj8-93xh-pwh2
reference_id GHSA-3qj8-93xh-pwh2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3qj8-93xh-pwh2
3
reference_url https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
reference_id GHSA-74m5-2c7w-9w3x
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
fixed_packages
0
url pkg:pypi/starlette@0.25.0
purl pkg:pypi/starlette@0.25.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2npr-856m-4ucq
1
vulnerability VCID-48zt-t6j2-efcg
2
vulnerability VCID-65ct-ffep-m3cq
3
vulnerability VCID-7qz6-kc59-f7h1
4
vulnerability VCID-mwyw-5gax-ubdh
5
vulnerability VCID-wdhk-wxfs-nyge
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.25.0
aliases GHSA-3qj8-93xh-pwh2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7mk-yzxu-r7fy
4
url VCID-dh48-nstf-c7c3
vulnerability_id VCID-dh48-nstf-c7c3
summary There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30798
reference_id
reference_type
scores
0
value 0.01949
scoring_system epss
scoring_elements 0.83901
published_at 2026-06-12T12:55:00Z
1
value 0.01949
scoring_system epss
scoring_elements 0.83844
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30798
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30798
2
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-48.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-48.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30798
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30798
5
reference_url https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
reference_id 8c74c2c8dba7030154f8af18e016136bea1938fa
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:30:33Z/
url https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
6
reference_url https://github.com/advisories/GHSA-74m5-2c7w-9w3x
reference_id GHSA-74m5-2c7w-9w3x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-74m5-2c7w-9w3x
7
reference_url https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
reference_id GHSA-74m5-2c7w-9w3x
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:30:33Z/
url https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
8
reference_url https://vulncheck.com/advisories/starlette-multipartparser-dos
reference_id starlette-multipartparser-dos
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:30:33Z/
url https://vulncheck.com/advisories/starlette-multipartparser-dos
fixed_packages
0
url pkg:pypi/starlette@0.25.0
purl pkg:pypi/starlette@0.25.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2npr-856m-4ucq
1
vulnerability VCID-48zt-t6j2-efcg
2
vulnerability VCID-65ct-ffep-m3cq
3
vulnerability VCID-7qz6-kc59-f7h1
4
vulnerability VCID-mwyw-5gax-ubdh
5
vulnerability VCID-wdhk-wxfs-nyge
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.25.0
aliases CVE-2023-30798, GHSA-74m5-2c7w-9w3x, GMS-2023-353, PYSEC-2023-48
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh48-nstf-c7c3
5
url VCID-mwyw-5gax-ubdh
vulnerability_id VCID-mwyw-5gax-ubdh
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47874.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47874.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47874
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31256
published_at 2026-06-11T12:55:00Z
1
value 0.00125
scoring_system epss
scoring_elements 0.31449
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47874
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47874
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085295
reference_id 1085295
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085295
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2318801
reference_id 2318801
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2318801
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47874
reference_id CVE-2024-47874
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47874
8
reference_url https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733
reference_id fd038f3070c302bff17ef7d173dbb0b007617733
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:23:43Z/
url https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733
9
reference_url https://github.com/advisories/GHSA-f96h-pmfr-66vw
reference_id GHSA-f96h-pmfr-66vw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f96h-pmfr-66vw
10
reference_url https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
reference_id GHSA-f96h-pmfr-66vw
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:23:43Z/
url https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
fixed_packages
0
url pkg:pypi/starlette@0.40.0
purl pkg:pypi/starlette@0.40.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65ct-ffep-m3cq
1
vulnerability VCID-68nf-yepa-23fg
2
vulnerability VCID-wdhk-wxfs-nyge
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.40.0
aliases CVE-2024-47874, GHSA-f96h-pmfr-66vw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwyw-5gax-ubdh
6
url VCID-wdhk-wxfs-nyge
vulnerability_id VCID-wdhk-wxfs-nyge
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54121.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54121
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48822
published_at 2026-06-12T12:55:00Z
1
value 0.0025
scoring_system epss
scoring_elements 0.48685
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54121
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54121
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/encode/starlette
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/encode/starlette
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54121
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54121
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109805
reference_id 1109805
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109805
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2382496
reference_id 2382496
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2382496
8
reference_url https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403
reference_id 2927#discussioncomment-13721403
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:54:16Z/
url https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403
9
reference_url https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1
reference_id 9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:54:16Z/
url https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1
10
reference_url https://github.com/encode/starlette/blob/fa5355442753f794965ae1af0f87f9fec1b9a3de/starlette/datastructures.py#L436C5-L447C14
reference_id datastructures.py#L436C5-L447C14
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:54:16Z/
url https://github.com/encode/starlette/blob/fa5355442753f794965ae1af0f87f9fec1b9a3de/starlette/datastructures.py#L436C5-L447C14
11
reference_url https://github.com/advisories/GHSA-2c2j-9gv5-cj73
reference_id GHSA-2c2j-9gv5-cj73
reference_type
scores
url https://github.com/advisories/GHSA-2c2j-9gv5-cj73
12
reference_url https://github.com/encode/starlette/security/advisories/GHSA-2c2j-9gv5-cj73
reference_id GHSA-2c2j-9gv5-cj73
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:54:16Z/
url https://github.com/encode/starlette/security/advisories/GHSA-2c2j-9gv5-cj73
fixed_packages
0
url pkg:pypi/starlette@0.47.2
purl pkg:pypi/starlette@0.47.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65ct-ffep-m3cq
1
vulnerability VCID-68nf-yepa-23fg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.47.2
aliases CVE-2025-54121, GHSA-2c2j-9gv5-cj73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wdhk-wxfs-nyge
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/starlette@0.8.2