HIGH 7.4 PyPI
GHSA-2p2x-hpg8-cqp2 · CVE-2026-25478 Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins
Modified: 2/22/2026
package
PyPI / litestar
pkg:pypi/litestar
MEDIUM 5.9 PyPI
GHSA-3qmc-cj7q-62hv · CVE-2026-48061 Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header
Modified: 6/10/2026
HIGH 8.1 PyPI
GHSA-542p-wvx7-72m4 · CVE-2026-48060 Litestar has HTML Injection Through its CSRF Token
Modified: 6/10/2026
LOW 3.7 PyPI
GHSA-674p-xv2x-rf3g Litestar has potential log injection in exception logging
Modified: 8/12/2025
HIGH 8.2 PyPI
GHSA-83pv-qr33-2vcf · CVE-2024-32982 Litestar and Starlite vulnerable to Path Traversal
Modified: 7/8/2024
MEDIUM 6.5 PyPI
GHSA-93ph-p7v4-hwh4 · CVE-2026-25479 Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns
Modified: 2/22/2026
HIGH 7.5 PyPI
GHSA-gjcc-jvgw-wvwj · CVE-2024-52581, PYSEC-2024-178 Litestar allows unbounded resource consumption (DoS vulnerability)
Modified: 6/10/2026
HIGH 7.5 PyPI
GHSA-hm36-ffrh-c77c · CVE-2025-59152 Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion
Modified: 10/13/2025
MEDIUM 6.5 PyPI
GHSA-vxqx-rh46-q2pg · CVE-2026-25480 Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Modified: 2/22/2026
HIGH 7.5 PyPI
PYSEC-2024-178 · CVE-2024-52581, GHSA-gjcc-jvgw-wvwj Modified: 6/10/2026