Every CVE whose affected-product data names Encode Starlette, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-54283 — CVSS 7.5 (high): Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound…
CVE-2023-30798 — CVSS 7.5 (high): There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to…
CVE-2023-29159 — CVSS 7.5 (high): Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to…
CVE-2026-48818 — CVSS 7.5 (high): Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path…
CVE-2026-48710 — CVSS 6.5 (medium): Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being…
CVE-2026-48817 — CVSS 5.3 (medium): Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the…
CVE-2026-54282 — CVSS 3.7 (low): Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct…