python-multipart
PyPI9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting python-multipartpage 1 of 1
- CVE-2024-24762HIGHCVSS 7.5EG 7.5✓ Fixed in 0.0.72024-02-05
vulnerable: 0.0.1 ... 0.0.6 (6 versions)
`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Typ…
- CVE-2024-53981HIGHCVSS 7.5EG 7.5✓ Fixed in 0.0.182024-12-02
vulnerable: 0.0.1 ... 0.0.9 (17 versions)
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at…
- CVE-2026-24486HIGHCVSS 7.5EG 8.6✓ Fixed in 0.0.222026-01-27
vulnerable: 0.0.1 ... 0.0.9 (21 versions)
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write up…
- CVE-2026-40347MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.0.262026-04-18
vulnerable: 0.0.1 ... 0.0.9 (25 versions)
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0…
- CVE-2026-42561HIGHCVSS 7.5EG 7.5✓ Fixed in 0.0.272026-05-13
vulnerable: 0.0.1 ... 0.0.9 (26 versions)
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limi…
- CVE-2026-53537MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.0.302026-06-15
vulnerable: 0.0.1 ... 0.0.9 (29 versions)
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The ex…
- CVE-2026-53538LOWCVSS 3.7EG 3.7✓ Fixed in 0.0.302026-06-15
vulnerable: 0.0.1 ... 0.0.9 (29 versions)
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Pyt…
- CVE-2026-53539HIGHCVSS 7.5EG 7.5✓ Fixed in 0.0.302026-06-15
vulnerable: 0.0.1 ... 0.0.9 (29 versions)
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remainin…
- CVE-2026-53540LOWCVSS 3.7EG 3.7✓ Fixed in 0.0.312026-06-15
vulnerable: 0.0.1 ... 0.0.9 (30 versions)
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bound…
Check whether python-multipart is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for python-multipart CVEs against the assets you own.
Start Free Scan →