160 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-12292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6...
MAL-2025-9142 Malicious code in @omisepayments/in-app-communication-graphql-sdk (npm)
The package @omisepayments/in-app-communication-graphql-sdk was found to contain malicious code...
Malicious code in @zalastax/nolb-graphql-g (npm)
The package @zalastax/nolb-graphql-g was found to contain malicious code...
HackerOne: DOS via Mutation Aliasing in GraphQL Account Recovery Phone Number Verification API
The GraphQL API's 'verifyAccountRecoveryPhoneNumber' mutation was found to be vulnerable to denial-of-service attacks through mutation aliasing. The vulnerability allowed multiple aliases of the same mutation to be included in a single request, causing the server to process each mutation...
CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...
GitLab Language Server 访问控制错误漏洞
GitLab Language Server is a language server from GitLab USA. An access control error vulnerability exists in GitLab Language Server versions prior to 7.6.0 through 7.30.0 that stems from insufficient input validation and could lead to arbitrary GraphQL query execution...
PT-2025-17701 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.10 Mattermost versions 10.4.x through 10.4.2 Mattermost versions 10.5.x through 10.5.0 Description: The issue arises from the failure to validate the uniqueness and quantity of task actions within the...
CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
GraphQL query operations security can be bypassed
Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...
The vulnerability of the GraphQL Mutation Handler component of the software platform based on git for collaborative code development on GitLab allows a hacker to gain unauthorized access to protected information.
The vulnerability of the GraphQL Mutation Handler component in the software platform based on Git, which is used for collaborative code development in GitLab, involves the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to gain unauthorized...
PT-2024-37910 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: foreman affected versions not specified Description: A disclosure of sensitive information flaw was found in foreman via the "GraphQL API". If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin...
PT-2024-32617 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9 Mattermost versions 9.10.x through 9.10.2 Mattermost versions 9.11.x through 9.11.1 Description: The issue allows an attacker to generate a large response and cause an amplified GraphQL response which...
The vulnerability in the built-in GraphQL client of the Zimbra Collaboration Suite (ZCS) corporate email management system allows a attacker to perform a CSRF attack and expose sensitive information.
The vulnerability of the built-in GraphQL client of the Zimbra Collaboration Suite email management system is related to the of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack and expose sensitive information...
Red Hat OpenShift 资源管理错误漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. Red Hat OpenShift suffers from a Resource Management Error vulnerability that stems from the presence of a Denial of Service DoS...
The vulnerability of the GraphQL Subscription Handler component of the software platform based on Git, which facilitates collaborative code development on GitLab, allows a malicious individual to gain unauthorized access to confidential information.
The vulnerability of the GraphQL Subscription Handler component of the software platform based on Git for collaborative code development on GitLab is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthoriz...
CraftCMS Security Vulnerability
CraftCMS is a content management system from CraftCMS, Inc. A security vulnerability exists in CraftCMS version v3.7.31 and earlier versions. An attacker exploited the vulnerability to perform a SQL injection attack via a GraphQL API endpoint...
PT-2024-20385 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13 GitHub Enterprise Server versions 3.9 through 3.9.12 GitHub Enterprise Server versions 3.10 through 3.10.9 GitHub Enterprise Server versions 3.11 through 3.11.7 GitHub Enterprise Server versions...
Silverstripe CMS GraphQL Server Security Vulnerability
Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A security vulnerability exists in Silverstripe CMS GraphQL Server versions 4.x prior to 4.3.7 and 5.x prior to 5.1.3, which stems from the ability to bypass privilege checks...
Grackle Security Breach
Grackle is a GraphQL server written in functional Scala from the Typelevel project. A security vulnerability exists in Grackle versions prior to 0.18.0 that stems from the presence of a stack overflow, which could lead to a potential denial of service...
GHSA-G56X-7J6W-G8R8 Grackle has StackOverflowError in GraphQL query processing
Impact Prior to this fix, the GraphQL query parsing was vulnerable to StackOverflowErrors. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. !CAUTION No...