← Back to the AI Dependency AtlasExact package identity dossier

starlette

pypi:starlette
pypi

This dossier links the stable identity pypi:starlette to 8 exact observed versions across 9 public repositories.

pypipypi:starletteecosystem:name + exact version + evidence path

A package identity or provider interface in published code does not prove configuration, an account, procurement, data transfer or an API call.

ecosystem:name + exact version + evidence path
9repositories
10exact evidence rows
8exact versions
1reported license expression
8OSV records returned
Exact published evidence

Observed exact versions and registry metadata

Publication age and licenses come from deps.dev metadata. They are context—not a maintenance, legal or portability verdict.

Exact version0.37.205 Mar 2024
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
no verified publish attestation reported7 OSV records
Open exact source ↗
Exact version0.44.028 Dec 2024
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
no verified publish attestation reported7 OSV records
Open exact source ↗
Exact version0.46.213 Apr 2025
Repositories
2
Occurrences
2
Reported licenses
BSD-3-Clause
no verified publish attestation reported7 OSV records
Open exact source ↗
Exact version0.47.324 Aug 2025
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
no verified publish attestation reported6 OSV records
Open exact source ↗
Exact version0.49.028 Oct 2025
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
verified publish attestation6 OSV records
Open exact source ↗
Exact version0.49.301 Nov 2025
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
verified publish attestation5 OSV records
Open exact source ↗
Exact version0.50.001 Nov 2025
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
verified publish attestation5 OSV records
Open exact source ↗
Exact version1.3.112 Jun 2026
Repositories
1
Occurrences
2
Reported licenses
BSD-3-Clause
verified publish attestationNo OSV record returned for this exact version
Open exact source ↗
Observed relations

Repositories carrying this identity

MUCGPTlandeshauptstadt-muenchen/mucgpt
1.3.12 Occurrences
kiva-llm-gatewaybaden-wuerttemberg/innenministerium/kiva.platform/kiva-llm-gateway
0.44.01 Occurrence
Coding Agent Usage Simulationuba-ki-lab/coding-agent-usage-simulation
0.49.01 Occurrence
GSA Extractionuba-ki-lab/gsa-extraction
0.46.21 Occurrence
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
0.47.31 Occurrence
LLM Testframeworkuba-ki-lab/llm-testframework
0.46.21 Occurrence
Objection managementuba-ki-lab/objection-management
0.37.21 Occurrence
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
0.50.01 Occurrence
Workshop Green LLM Usageuba-ki-lab/workshop-green-llm-usage
0.49.31 Occurrence
Exact published evidence

exact evidence rows

Coding Agent Usage Simulationuba-ki-lab/coding-agent-usage-simulation
pypi:starlette@0.49.0uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
GSA Extractionuba-ki-lab/gsa-extraction
pypi:starlette@0.46.2uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
kiva-llm-gatewaybaden-wuerttemberg/innenministerium/kiva.platform/kiva-llm-gateway
pypi:starlette@0.44.0poetry.lock
declaration relationship not reportednot marked as development-only
Open exact source ↗
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
pypi:starlette@0.47.3uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
LLM Testframeworkuba-ki-lab/llm-testframework
pypi:starlette@0.46.2uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
MUCGPTlandeshauptstadt-muenchen/mucgpt
pypi:starlette@1.3.1mucgpt-assistant-service/uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
MUCGPTlandeshauptstadt-muenchen/mucgpt
pypi:starlette@1.3.1mucgpt-core-service/uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Objection managementuba-ki-lab/objection-management
pypi:starlette@0.37.2uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
pypi:starlette@0.50.0uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Workshop Green LLM Usageuba-ki-lab/workshop-green-llm-usage
pypi:starlette@0.49.3uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
OSV

Related OSV records

GHSA-2c2j-9gv5-cj73

Starlette has possible denial-of-service vector when parsing large files in multipart forms

4 repositories07 Jul 2026
GHSA-7f5h-v6xp-fcq8

Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

5 repositories07 Jul 2026
GHSA-82w8-qh3p-5jfq

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

8 repositories27 Jun 2026
GHSA-86qp-5c8j-p5mr

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

8 repositories10 Jul 2026
GHSA-f96h-pmfr-66vw

Starlette Denial of service (DoS) via multipart/form-data

1 repository07 Jul 2026
GHSA-jp82-jpqv-5vv3

Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

8 repositories16 Jul 2026
GHSA-wqp7-x3pw-xc5r

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

8 repositories13 Jul 2026
GHSA-x746-7m8f-x49c

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

8 repositories13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

Only exact npm and PyPI tuples are enriched. Reported SPDX expressions are metadata; no compatibility, obligation or legal conclusion is inferred.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): starlette — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/paket/starlette-beb9e527/

Reading this dossier

Does package presence prove that a provider is used?
No. Even a direct interface declaration does not establish configuration, credentials, procurement, data transfer or an API call.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools