53 matches found
CVE-2026-41699: Unsafe Deserialization in Spring GraphQL
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can craft a malicious GraphQL request that can lead ...
EUVD-2026-34271
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through 0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...
graphql-go security vulnerability
graphql-go is a GraphQL server developed by Webonyx, focusing on ease of use. Versions of graphql-go prior to 15.31.5 contained security vulnerabilities. These vulnerabilities stemmed from the OverlappingFieldsCanBeMerged validation rule, which performed O(n²) comparisons for fields with the same...
agent-evaluator (=0.7.8), airo-camera-toolkit (>=2025.4.0 <=2026.5.0) +79 more potentially affected by CVE-2026-35526 via strawberry-graphql (>=0.202.1 <=0.312.0)
strawberry-graphql PYPI version =0.202.1, =2025.4.0, =2025.4.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.0.33, =0.9.0, =25.13.0, =0.41.0, =1.2.0, =0.1.0a1, =0.1.0a10 and more Source cves: CVE-2026-35526 Source advisory: OSV:GHSA-HV3W-M4G2-5X77...
Directus security vulnerability
Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.17.0 contained a security vulnerability. This vulnerability stemmed from GraphQL endpoints not repeatedly calling the data deletion...
@tinacms/app (>=0.0.0-0b7103c-20251216023146 <=2.3.25), @tinacms/cli (>=0.0.0-0b7103c-20251216023146 <=2.1.6) +4 more potentially affected by CVE-2026-28791 via @tinacms/graphql (>=2.0.0 <=2.1.2)
@tinacms/graphql NPM version =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =3.5.0 Source cves: CVE-2026-28791 Source advisory: SNYK:JS-TINACMSGRAPHQL-15518326...
GitLab Enterprise Edition (EE) security vulnerability
GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition EE versions prior to 18.4.6, 18.5 through 18.5.4, and 18.6 through 18.6.2, which stems from the fact that execution of a specially crafted...
GitLab CE and EE security vulnerability
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 11.0 through 18.3.5 prior...
EUVD-2021-22677
Malware in sbrugna...
EUVD-2022-24855
Malicious code in bioql PyPI...
EUVD-2022-41779
Malicious code in bioql PyPI...
EUVD-2023-2482
Malicious code in bioql PyPI...
EUVD-2022-15380
Malicious code in bioql PyPI...
EUVD-2024-31728
Malicious code in bioql PyPI...
EUVD-2023-2495
Malicious code in bioql PyPI...
EUVD-2021-9374
Malicious code in bioql PyPI...
EUVD-2024-2287
Malicious code in bioql PyPI...
EUVD-2024-50324
Malicious code in bioql PyPI...
EUVD-2023-12908
Malicious code in bioql PyPI...
EUVD-2024-45216
Malicious code in bioql PyPI...