HIGH 7.5 PyPI
GHSA-2jv5-9r88-3w3p · CVE-2024-24762, GHSA-qf9m-vfgh-m389 python-multipart vulnerable to Content-Type Header ReDoS
Modified: 4/3/2026
package
PyPI / python-multipart
pkg:pypi/python-multipart
HIGH 7.5 PyPI
GHSA-59g5-xgcq-4qw3 · CVE-2024-53981 Denial of service (DoS) via deformation `multipart/form-data` boundary
Modified: 2/4/2026
HIGH 7.5 PyPI
GHSA-5rvq-cxj2-64vf · CVE-2026-53539 python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service
Modified: 6/15/2026
LOW 3.7 PyPI
GHSA-6jv3-5f52-599m · CVE-2026-53538 python-multipart: Semicolon treated as querystring field separator enables parameter smuggling
Modified: 6/15/2026
MEDIUM 5.3 PyPI
GHSA-mj87-hwqh-73pj · CVE-2026-40347 python-multipart affected by Denial of Service via large multipart preamble or epilogue data
Modified: 5/5/2026
HIGH 7.5 PyPI
GHSA-pp6c-gr5w-3c5g · CVE-2026-42561 python-multipart has Denial of Service via unbounded multipart part headers
Modified: 5/14/2026
LOW 3.7 PyPI
GHSA-v9pg-7xvm-68hf · CVE-2026-53540 python-multipart: Negative Content-Length in parse_form buffers the entire body in memory
Modified: 6/15/2026
LOW 3.7 PyPI
GHSA-vffw-93wf-4j4q · CVE-2026-53537 python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters
Modified: 6/15/2026
HIGH 8.6 PyPI
GHSA-wp53-j4wj-2cfg · CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration
Modified: 2/4/2026