VYPR
Vendor: Encode

Products: 4 | CVEs: 5 | Across products: 5 | Status: Private

Recent CVEs (5)
  • CVE-2026-48710 | Med | May 26, 2026
    risk 0.35 | cvss 6.5 | epss 0.01

    Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host`…

  • CVE-2024-21520 | Med | Jun 26, 2024
    risk 0.33 | cvss 6.1 | epss 0.01

    Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags.

  • CVE-2024-24762 | Feb 5, 2024
    risk 0.00 | cvss | epss 0.02

    `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the…

  • CVE-2023-29159 | Jun 1, 2023
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

  • CVE-2023-30798 | Apr 21, 2023
    risk 0.00 | cvss | epss 0.01

    MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated, remote attacker to specify any number of form fields or files, which can cause excessive memory usage resulting in denial of service of the HTTP service.