CVE-2025-54121
- EPSS 0.07%
- Published 21.07.2025 20:15:41
- Last modified 22.07.2025 13:05:40
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max...
CVE-2025-0182
- EPSS 0.11%
- Published 20.03.2025 10:10:00
- Last modified 20.03.2025 10:15:50
A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. The issue arises from the use of a vulnerable version of the starlette package (<=0.49) via fastapi, which was patched in fastapi version 0.11...
CVE-2024-47874
- EPSS 0.07%
- Published 15.10.2024 16:15:05
- Last modified 21.11.2024 17:15:17
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This ...
CVE-2023-29159
- EPSS 1.33%
- Published 01.06.2023 02:15:09
- Last modified 09.01.2025 20:15:33
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
CVE-2023-30798
- EPSS 0.73%
- Published 21.04.2023 16:15:07
- Last modified 21.11.2024 08:00:55
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of servic...