CVE-2021-22209
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...
CVE-2024-2440
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...
Gitlab -- vulnerabilities
Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE; Cross-site Scripting issue in Web IDE impacts GitLab CE/EE; Missing Authorization issue in Duo Workflows API impacts GitLab EE; Missing Authorization issue in AI GraphQL mutation impacts...
CVE-2025-61781
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation...
PYSEC-2026-116
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation...
Server-side Request Forgery (SSRF)
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the saveAsset mutation's file input, specifically the url parameter. An attacker can access internal network resources, bypass firewall rules, and...
OpenCTI Security Vulnerability
OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. A security vulnerability exists in OpenCTI versions prior to 6.8.1, which stems from a lack of authorization checking in a GraphQL mutation that could lead to unauthorized resource deletion...
PT-2026-1344
Name of the Vulnerable Software and Affected Versions: Craft versions 5.0.0-RC1 through 5.8.20; Craft versions 4.0.0-RC1 through 4.16.16. Description: Craft is a platform for creating digital experiences. The GraphQL saveAsset mutation is susceptible to Server-Side Request Forgery (SSRF). The issue...
CVE-2025-62645
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...
Restaurant Brands International assistant platform Security Vulnerability
Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from a createToken GraphQL mutation that...
CVE-2025-62645
The RBI assistant platform (Restaurant Brands International) through 2025-09-06 is vulnerable: a remote authenticated attacker can obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation. The evidence across multiple sources confirms an impersona...
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition (EE) versions 18.3 through 18.3.4 and 18.4 through 18.4.2, which stems from an incorrect GraphQL mutation range that could cause an...
PT-2025-41490
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 3.0.13. Description: BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) condition exists in versions prior to 3.0.13. An authenticated user can disrupt chat functionality for all meeting...
EUVD-2021-22645
Malware in sbrugna...
EUVD-2021-9355
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-13334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality...
CVE-2024-57189
In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...
PT-2025-24712 · Erxes
Name of the Vulnerable Software and Affected Versions: Erxes versions prior to 1.6.2 Description: The issue allows an authenticated attacker to write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. Recommendations: For...