All 8 CVE vulnerabilities found in starlette, with AI-generated Chinese analysis, references, and POCs.
Vendor: Encode
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-48817 | Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr` | CWE-470 | 5.3 | Medium | 2026-06-17 |
| CVE-2026-48818 | Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows | CWE-918 | 7.5 | High | 2026-06-17 |
| CVE-2026-48710 | Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks | CWE-444 | 6.5 | Medium | 2026-05-26 |
| CVE-2025-62727 | Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse | CWE-407 | 7.5 | High | 2025-10-28 |
| CVE-2025-54121 | Starlette has possible denial-of-service vector when parsing large files in multipart forms | CWE-770 | 5.3 | Medium | 2025-07-21 |
| CVE-2024-47874 | Starlette Denial of service (DoS) via multipart/form-data | CWE-770 | 7.5 | - | 2024-10-15 |
| CVE-2023-29159 | Starlette path traversal vulnerability | - | 7.5 | - | 2023-06-01 |
| CVE-2023-30798 | MultipartParser DOS with too many fields or files in Starlette Framework | CWE-400 | 7.5 | High | 2023-04-21 |