Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-3036
  • PyPI/python-multipart
python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service 4 days ago
  • Fix available
  • Severity - 7.5 (High)
PYSEC-2026-3040
  • PyPI/python-multipart
python-multipart: Negative Content-Length in parse_form buffers the entire body in memory 4 days ago
  • Fix available
  • Severity - 3.7 (Low)
PYSEC-2026-3037
  • PyPI/python-multipart
python-multipart: Semicolon treated as querystring field separator enables parameter smuggling 4 days ago
  • Fix available
  • Severity - 3.7 (Low)
PYSEC-2026-3041
  • PyPI/python-multipart
python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters 4 days ago
  • Fix available
  • Severity - 3.7 (Low)
PYSEC-2026-3039
  • PyPI/python-multipart
python-multipart has Denial of Service via unbounded multipart part headers 4 days ago
  • Fix available
  • Severity - 7.5 (High)
PYSEC-2026-3038
  • PyPI/python-multipart
python-multipart affected by Denial of Service via large multipart preamble or epilogue data 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
PYSEC-2026-1852
  • PyPI/python-multipart
Python-Multipart has Arbitrary File Write via Non-Default Configuration 07 Jul
  • Fix available
  • Severity - 8.6 (High)
PYSEC-2026-1851
  • PyPI/python-multipart
Denial of service (DoS) via deformation `multipart/form-data` boundary 07 Jul
  • Fix available
  • Severity - 8.7 (High)
PYSEC-2026-1850
  • PyPI/python-multipart
python-multipart vulnerable to Content-Type Header ReDoS 07 Jul
  • Fix available
  • Severity - 7.5 (High)
GHSA-5rvq-cxj2-64vf
  • PyPI/python-multipart
python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service 15 Jun
  • Fix available
  • Severity - 7.5 (High)
GHSA-v9pg-7xvm-68hf
  • PyPI/python-multipart
python-multipart: Negative Content-Length in parse_form buffers the entire body in memory 15 Jun
  • Fix available
  • Severity - 3.7 (Low)
GHSA-6jv3-5f52-599m
  • PyPI/python-multipart
python-multipart: Semicolon treated as querystring field separator enables parameter smuggling 15 Jun
  • Fix available
  • Severity - 3.7 (Low)
GHSA-vffw-93wf-4j4q
  • PyPI/python-multipart
python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters 15 Jun
  • Fix available
  • Severity - 3.7 (Low)
GHSA-pp6c-gr5w-3c5g
  • PyPI/python-multipart
python-multipart has Denial of Service via unbounded multipart part headers 06 May
  • Fix available
  • Severity - 7.5 (High)
GHSA-mj87-hwqh-73pj
  • PyPI/python-multipart
python-multipart affected by Denial of Service via large multipart preamble or epilogue data 15 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-wp53-j4wj-2cfg
  • PyPI/python-multipart
Python-Multipart has Arbitrary File Write via Non-Default Configuration 26 Jan
  • Fix available
  • Severity - 8.6 (High)