Litestar Support & Health

Security

Known Vulnerabilities

8 active CVEs reported via OSV.dev

GHSA-2p2x-hpg8-cqp2 CVSS_V3

Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins

Published: 2026-02-09 Fixed in: 2.20.0

GHSA-674p-xv2x-rf3g CVSS_V3

Litestar has potential log injection in exception logging

Published: 2025-08-11 Fixed in: 2.17.0

GHSA-83pv-qr33-2vcf CVSS_V3

Litestar and Starlite vulnerable to Path Traversal

Published: 2024-05-06 Fixed in: 2.8.3

GHSA-93ph-p7v4-hwh4 CVSS_V3

Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns

Published: 2026-02-09 Fixed in: 2.20.0

GHSA-gjcc-jvgw-wvwj CVSS_V3

Litestar allows unbounded resource consumption (DoS vulnerability)

Published: 2024-11-20 Fixed in: 2.13.0

GHSA-hm36-ffrh-c77c CVSS_V3

Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion

Published: 2025-10-06 Fixed in: 2.18.0

GHSA-vxqx-rh46-q2pg CVSS_V3

Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

Published: 2026-02-09 Fixed in: 2.20.0

PYSEC-2024-178 CVSS_V3

Published: 2024-11-20 Fixed in: 53c1473b5ff7502816a9a339ffc90731bb0c2138