Every CVE whose affected-product data names Encode Uvicorn, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-7695 — CVSS 5.3 (medium): Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can…
CVE-2020-7694 — CVSS 3.7 (low): This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection…