All FastAPI CVEs — Complete Vulnerability History
FastAPI is Python's fastest-growing web framework. Its CVEs come primarily through Starlette (its ASGI foundation) and pydantic (its validation layer).
PyPI
20M+ weekly downloads
1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2024-24762 | 2024 | HIGH | ReDoS via crafted multipart form data | Fixed 0.109.1 |
Current safe version: 0.109.1
```
# Before
fastapi==0.100.0

# After
fastapi==0.109.1
```
Then run: pip install -r requirements.txt
Common questions
Does FastAPI have many direct CVEs?
FastAPI itself has very few direct CVEs — most FastAPI security issues come through Starlette or pydantic. Keeping the full stack updated together is the safest approach.