granian

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting granianpage 1 of 1

CVE-2026-42544HIGHCVSS 7.5EG 7.5✓ Fixed in 2.7.4
2026-05-12
vulnerable: 1.2.3 ... 2.7.3 (58 versions)
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The …
CVE-2026-42545MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.7.4
2026-05-12
vulnerable: 0.2.6 ... 2.7.3 (66 versions)
Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on bo…

Check whether granian is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for granian CVEs against the assets you own.

Start Free Scan →