VYPR
Vendor

Emmett Framework

Products
3
CVEs
4
Across products
4
Status
Private

Products

3

Recent CVEs

4
  • CVE-2026-39847CriApr 7, 2026
    risk 0.52cvss 9.1epss 0.01

    Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (eg…

  • CVE-2026-42544HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket…

  • CVE-2026-25577HigFeb 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500…

  • CVE-2026-42545MedMay 12, 2026
    risk 0.31cvss 5.9epss 0.00

    Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value…