CVE-2026-1101 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries...

CVE-2026-1101

GitLab Enterprise Edition (GitLab EE) has a denial-of-service vulnerability in GraphQL input validation affecting specific older branches: 18.2-era versions before 18.8.9, 18.9-era versions before 18.9.5, and 18.10-era versions before 18.10.3. An authenticated user could cause a DoS on the GitLab...

CVE-2026-1101

Removed by vendor...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GraphQL API when a large number of mutations or queries are included in a single request using aliases or by chaining multiple mutations. An attacker can cause excessive...

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

CVE-2026-35401

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVE-2026-33756

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an...

EUVD-2026-20532

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVE-2026-35401

Saleor (e-commerce platform) contains a resource exhaustion vulnerability in GraphQL handling affecting 2.0.0 up to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118. A malicious actor can exceed resource limits by including many GraphQL mutations or queries in a single API call via aliases or by c...

CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVE-2026-33756 Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an...

EUVD-2026-20527

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an...

kubernetes-graphql-gateway: GraphQL Endpoint Vulnerable to Authenticated Denial-of-Service via Unrestricted Query Execution

CVSS 6.5 Medium — The GraphQL API served by kubernetes-graphql-gateway is vulnerable to Denial-of-Service DoS attacks due to a complete absence of query resource controls depth limiting, complexity analysis, response size capping, and rate limiting. An authenticated attacker can craft queries tha...

GHSA-H9MW-H4QC-F5JF kubernetes-graphql-gateway: GraphQL Endpoint Vulnerable to Authenticated Denial-of-Service via Unrestricted Query Execution

CVSS 6.5 Medium — The GraphQL API served by kubernetes-graphql-gateway is vulnerable to Denial-of-Service DoS attacks due to a complete absence of query resource controls depth limiting, complexity analysis, response size capping, and rate limiting. An authenticated attacker can craft queries tha...

PT-2026-31391

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.8.9, 18.9.5...

PT-2026-31536

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.0 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 Description The software is susceptible to a denial-of-service condition triggered by repeated GraphQL queries from an unauthenticated user...

PT-2026-31537

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.6 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 Description GitLab EE versions are affected by an issue that, under certain circumstances, could allow an authenticated user to access other users' email...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions prior to GitLab EE...