Encode Starlette
By the Year
In 2026 there have been 0 vulnerabilities in Encode Starlette. Last year, in 2025, Starlette had 1 security vulnerability published. Right now, Starlette is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.50 |
| 2024 | 1 | 7.50 |
| 2023 | 2 | 7.50 |
It may take a day or so for new Starlette vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Encode Starlette Security Vulnerabilities
Starlette FileResponse CPU Exhaustion via Range Header (0.49.0)
CVE-2025-62727
7.5 - High
- October 28, 2025
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial of service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.
Inefficient Algorithmic Complexity
ReDoS: Content-Type parsing in python-multipart v0.0.6 or below
CVE-2024-24762
7.5 - High
- February 05, 2024
`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a regular expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the regex to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that the process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.
ReDoS
Directory Traversal in Starlette 0.13.5<0.27.0 (remote, unauthenticated)
CVE-2023-29159
7.5 - High
- June 01, 2023
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
Directory traversal
Excessive Memory DoS via MultipartParser in Starlette <0.25.0
CVE-2023-30798
7.5 - High
- April 21, 2023
MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files, which can cause excessive memory usage resulting in denial of service of the HTTP service.
Resource Exhaustion