Vulnerabilities

ID
Packages
Summary
Published
Attributes
MAL-2026-1422
  • PyPI/fastapi-middleware-cors
Malicious code in fastapi-middleware-cors (PyPI) 13 Mar
  • No fix available
MAL-2026-1261
  • PyPI/fastapi-requests
Malicious code in fastapi-requests (PyPI) 06 Mar
  • No fix available
GHSA-95c6-p277-p87g
  • PyPI/fastapi-api-key
FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection 21 Jan
  • Fix available
  • Severity - 3.7 (Low)
GHSA-5j53-63w8-8625
  • PyPI/fastapi-users
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO 19 Dec 2025
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-hp6r-r9vc-q8wx
  • PyPI/fastapi-sso
FastAPI SSO is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation 19 Dec 2025
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-rrf6-pxg8-684g
  • PyPI/fastapi-guard
FastAPI Guard has a regex bypass 23 Jul 2025
  • Fix available
  • Severity - 7.8 (High)
GHSA-j47q-rc62-w448
  • PyPI/fastapi-guard
fastapi-guard is vulnerable to ReDoS through inefficient regex 07 Jul 2025
  • Fix available
  • Severity - 6.9 (Medium)
MAL-2025-191752
  • PyPI/helmet-fastapi
Malicious code in helmet-fastapi (PyPI) 30 Apr 2025
  • No fix available
GHSA-22xm-w7r2-834q
  • PyPI/fastapi-admin
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function 26 Aug 2024
  • No fix available
  • Severity - 5.1 (Medium)
GHSA-grqx-r2q2-j425
  • PyPI/fastapi-admin
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function 26 Aug 2024
  • No fix available
  • Severity - 5.1 (Medium)
GHSA-5f5c-8rvc-j8wf
  • PyPI/fastapi-opa
OpaMiddleware does not filter HTTP OPTIONS requests 15 Jul 2024
  • Fix available
  • Severity - 6.9 (Medium)
MAL-2024-5130
  • PyPI/fastapi-https
Malicious code in fastapi-https (PyPI) 25 Jun 2024
  • No fix available
PYSEC-2024-38
  • PyPI/fastapi
  • github.com/tiangolo/fastapi
See record for full details 05 Feb 2024
  • Fix available
  • Severity - 7.5 (High)
GHSA-7vwr-g6pm-9hc8
  • PyPI/fastapi-proxy-lib
Cookie leakage between different users in fastapi-proxy-lib 01 Dec 2023
  • Fix available
  • Severity - 7.5 (High)
GHSA-8h2j-cgx8-6xv7
  • PyPI/fastapi
Cross-Site Request Forgery (CSRF) in FastAPI 10 Jun 2021
  • Fix available
  • Severity - 8.8 (High)
PYSEC-2021-100
  • PyPI/fastapi
  • github.com/tiangolo/fastapi
See record for full details 09 Jun 2021
  • Fix available