All Starlette CVEs — Complete Vulnerability History
Starlette is the ASGI framework underlying FastAPI. CVEs here affect all FastAPI applications since Starlette handles request parsing and middleware.
PyPI
20M+ weekly downloads
2 CVEs total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2023-29159 | 2023 | HIGH | Path traversal in StaticFiles handler | Fixed 0.27.0 |
| CVE-2024-24762 | 2024 | HIGH | ReDoS via multipart form parsing | Fixed 0.37.2 |
Current safe version: 0.37.2
```
# Before
starlette==0.27.0
# After
starlette==0.37.2
```
Then run: pip install -r requirements.txt
Common questions
Does updating FastAPI update Starlette?
FastAPI pins a minimum Starlette version but not the latest. Specify starlette explicitly in requirements.txt to ensure you're on a patched version.
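A way to check a requirements.txt for the situation described above, as an added example that is not code from this page or from PackageFix. The function names are hypothetical, the fix versions are the ones in the table on this page, and only simple `name`, `name==x.y.z` and `name>=x.y.z` style lines are handled.

```python
import re

# Fix versions taken from the CVE table on this page.
FIXES = {
    "CVE-2023-29159": (0, 27, 0),
    "CVE-2024-24762": (0, 37, 2),
}

# Simple requirement lines: name, optional [extras], optional operator and version.
REQ = re.compile(
    r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*"
    r"(?:(==|>=|~=|<=|<|>|!=)\s*([0-9][0-9.]*))?"
)


def parse_version(text):
    """Turn '0.27.0' into (0, 27, 0); shorter versions are zero-padded."""
    parts = [int(p) for p in text.split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(requirements_text):
    """Return a list of findings about the starlette pin in a requirements file."""
    pins = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        m = REQ.match(line)
        if m:
            name = m.group(1).lower().replace("_", "-")
            pins[name] = (m.group(2), m.group(3))
    if "starlette" not in pins:
        if "fastapi" in pins:
            # The FAQ case: FastAPI alone decides which Starlette gets installed.
            return ["starlette not pinned explicitly: version is chosen by fastapi's dependency range"]
        return []
    op, ver = pins["starlette"]
    if op != "==":
        return ["starlette is not pinned with '==': installed version is not fixed by this file"]
    version = parse_version(ver)
    return [
        f"starlette {ver} is below {'.'.join(map(str, fix))}, the fix for {cve}"
        for cve, fix in sorted(FIXES.items())
        if version < fix
    ]
```
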