37 matches found
CVE-2022-31173
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually...
EUVD-2024-2951
Malicious code in bioql PyPI...
EUVD-2023-3206
Malicious code in bioql PyPI...
EUVD-2022-7309
Malicious code in bioql PyPI...
EUVD-2022-0647
Malicious code in bioql PyPI...
Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...
PT-2025-37473
Name of the Vulnerable Software and Affected Versions: Chaos Mesh versions prior to 2.7.3. Description: The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster. This server provides an API that allows attackers to kill...
Malicious code in fornax-graphql-server-wasat (npm)
The package fornax-graphql-server-wasat was found to contain malicious code...
MAL-2025-20796 Malicious code in fornax-graphql-server-wasat (npm)
The package fornax-graphql-server-wasat was found to contain malicious code...
CVE-2023-44401
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
@cedarjs/api-server (>=0.0.4 <=9.0.0-canary.1784), @cedarjs/cli (>=0.0.4 <=9.0.0-canary.1784) +65 more potentially affected by unknown CVE via @escape.tech/graphql-armor-cost-limit (>=1.7.0 <=2.4.1)
@escape.tech/graphql-armor-cost-limit NPM version =1.7.0, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.9.1-next.19, =0.0.4, =0.0.4, =0.0.2, =1.0.6, =2.0.6, =2.2.2, =2.19.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-733V-P3H5-QPQ7...
Linux Distros Unpatched Vulnerability : CVE-2022-21708
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the...
CVE-2022-41876
ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...
CVE-2024-47614
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
Exploit for CVE-2024-40094
CVE-2024-40094 ENF ExecutableNormalizedFields Denial of Serv...
CVE-2024-23841 XSS in @apollo/experimental-nextjs-app-support
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...
CVE-2023-44401
The CVE-2023-44401 issue affects the Silverstripe GraphQL Server. In Silverstripe CMS versions 4.0.0–4.3.7 and 5.0.0–5.1.2, canView permission checks can be bypassed for ORM data in paginated GraphQL query results where total records exceed a page size (including queries with explicit limits). Th...
Silverstripe CMS GraphQL Server security vulnerability
Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A security vulnerability exists in Silverstripe CMS GraphQL Server versions 4.2.2 and 4.1.1. An attacker exploiting this vulnerability could perform a denial-of-service attack against a...
Hasura GraphQL Engine path traversal vulnerability
Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A security vulnerability exists in Hasura GraphQL Engine that stems from a path traversal vulnerability...