VulnerableCode Package Details - pkg:pypi/fastapi@0.1.4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/fastapi@0.1.4

Essentials
History (2)

purl	pkg:pypi/fastapi@0.1.4

Next non-vulnerable version	0.109.1
Latest non-vulnerable version	0.109.1
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-wupx-xjc5-47at Aliases: CVE-2024-24762 GHSA-qf9m-vfgh-m389 PYSEC-2024-38	FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests. It's a ReDoS(Regular expression Denial of Service), it only applies to those reading form data, using `python-multipart`. This vulnerability has been patched in version 0.109.1.	0.109.1 Affected by 0 other vulnerabilities.
VCID-zsh6-2zd9-dqck Aliases: CVE-2021-32677 GHSA-8h2j-cgx8-6xv7 PYSEC-2021-100	cross-site request forgery	0.65.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:20:51.628441+00:00	Pypa Importer	Affected by	VCID-wupx-xjc5-47at	https://github.com/pypa/advisory-database/blob/main/vulns/fastapi/PYSEC-2024-38.yaml	38.6.0
2026-06-02T04:14:10.180591+00:00	Pypa Importer	Affected by	VCID-zsh6-2zd9-dqck	https://github.com/pypa/advisory-database/blob/main/vulns/fastapi/PYSEC-2021-100.yaml	38.6.0