EUVD-2026-28798

Absinthe: Unbounded atom creation from parsed directive name...

EEF-CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe

Summary Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language...

EEF-CVE-2026-43967 Quadratic fragment-name uniqueness check causes denial of service in absinthe

Summary Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one call...

Absinthe 安全漏洞

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.5.0 to 1.10.2 had security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation or throttling, which could allow unauthenticated attackers to consume atomic tables...