Security: starlette CVE-2025-54121 appears reachable in BiliNote
Summary
During local dependency-impact validation, we observed behavior indicating that
JefferyHcool/BiliNote reaches code paths involving vulnerable starlette versions. Please review
whether the project currently pins or allows affected starlette releases, and upgrade or constrain
the dependency if needed.
Affected dependency
Advisories observed
Local validation notes
- CVE-2025-54121, starlette 0.46.1: Local proof exercised the file upload path associated with Starlette multipart parsing.
Suggested fix
Please upgrade starlette to a version that includes the upstream security fixes for the advisories
above, or add a dependency constraint that prevents affected versions from being installed.
Disclosure note
We have not opened a public security issue elsewhere for these rows. If you prefer a private disclosure route, please point us to the right channel.
Security: starlette CVE-2025-54121 appears reachable in BiliNote
Summary
During local dependency-impact validation, we observed behavior indicating that
JefferyHcool/BiliNote reaches code paths involving vulnerable starlette versions. Please review
whether the project currently pins or allows affected starlette releases, and upgrade or constrain
the dependency if needed.
Affected dependency
starletteAdvisories observed
Local validation notes
Suggested fix
Please upgrade starlette to a version that includes the upstream security fixes for the advisories
above, or add a dependency constraint that prevents affected versions from being installed.
Disclosure note
We have not opened a public security issue elsewhere for these rows. If you prefer a private disclosure route, please point us to the right channel.