FastAPI / Python security posture
Review linked rules in the directory and use Composer to export guardrails for your IDE. Detailed posture metrics will appear here as the catalog grows.
2 linked rules in the directory.
Top risks for this stack
01 critical04 high
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checksMEDIUM
Jun 2026
No rule coverage yet — consider contributing a rule.
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``HIGH
Oct 2025
Rule coverage exists — verify in Composer export.
FastAPI Guard regex bypass — XSS/SQLi through middlewareHIGH
Jul 2025
Rule coverage exists — verify in Composer export.
Starlette has possible denial-of-service vector when parsing large files in multipart formsMEDIUM
Jul 2025
Rule coverage exists — verify in Composer export.
fastapi-guard is vulnerable to ReDoS through inefficient regexHIGH
Jul 2025
Rule coverage exists — verify in Composer export.
Starlette Denial of service (DoS) via multipart/form-dataHIGH
Oct 2024
Rule coverage exists — verify in Composer export.
python-jose algorithm confusion with OpenSSH ECDSA keysCRITICAL
Apr 2024
Rule coverage exists — verify in Composer export.
python-jose denial of service via compressed JWE contentMEDIUM
Apr 2024
Rule coverage exists — verify in Composer export.