Security Advisories · Kludex/python-multipart · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters
GHSA-vffw-93wf-4j4q published Jun 4, 2026 by Kludex

Low
Semicolon treated as querystring field separator enables parameter smuggling
GHSA-6jv3-5f52-599m published Jun 4, 2026 by Kludex

Low
Quadratic-time querystring parsing with semicolon separators causes CPU denial of service
GHSA-5rvq-cxj2-64vf published Jun 4, 2026 by Kludex

High
Negative Content-Length in parse_form buffers the entire body in memory
GHSA-v9pg-7xvm-68hf published Jun 4, 2026 by Kludex

Low
Denial of Service via large multipart preamble or epilogue data
GHSA-mj87-hwqh-73pj published Apr 14, 2026 by Kludex

Moderate
Denial of Service via unbounded multipart part headers
GHSA-pp6c-gr5w-3c5g published Apr 29, 2026 by Kludex

High
Arbitrary file write via a non-default configuration
GHSA-wp53-j4wj-2cfg published Jan 25, 2026 by Kludex

High
Denial of service (DoS) via deformation `multipart/form-data` boundary
GHSA-59g5-xgcq-4qw3 published Nov 30, 2024 by Kludex

High
Content-Type Header ReDoS
GHSA-2jv5-9r88-3w3p published Feb 12, 2024 by Kludex

High