Vulnerabilities > Encode

DATE CVE VULNERABILITY TITLE RISK
2023-06-01 CVE-2023-29159 Path Traversal vulnerability in Encode Starlette
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
network
low complexity
encode CWE-22
7.5
2023-04-21 CVE-2023-30798 Resource Exhaustion vulnerability in Encode Starlette
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
network
low complexity
encode CWE-400
7.5
2022-04-28 CVE-2021-41945 Improper Input Validation vulnerability in Encode Httpx
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
network
low complexity
encode CWE-20
critical
9.1
2020-09-30 CVE-2020-25626 Cross-site Scripting vulnerability in multiple products
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2.
network
low complexity
encode redhat debian CWE-79
6.1
2020-07-27 CVE-2020-7695 Injection vulnerability in Encode Uvicorn
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting.
network
low complexity
encode CWE-74
5.3
2020-07-27 CVE-2020-7694 Injection vulnerability in Encode Uvicorn
This affects all versions of package uvicorn.
network
low complexity
encode CWE-74
5.0