CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

40 matches found

Snyk•added 2026/05/19 3:55 p.m.•2 views

Insertion of Sensitive Information Into Sent Data

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the graphiql template. An attacker can obtain sensitive HTTP header values by enticing a user to enter confidential...

3.1CVSS5.8AI score

Exploits0References2

Github Security Blog•added 2026/05/19 3:55 p.m.•6 views

Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Summary Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value could become visible in browser history, copied links, and server/proxy/CDN access logs...

6.1AI score

Exploits0References4Affected Software1

OSV•added 2026/05/19 3:55 p.m.•1 views

GHSA-X97M-QP5C-W9XJ Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

3.1CVSS6.1AI score

Exploits0References4

Positive Technologies•added 2026/05/19 12:0 a.m.•5 views

PT-2026-41972

3.1CVSS6.1AI score

Exploits0References5

RedhatCVE•added 2026/05/16 1:57 p.m.•5 views

CVE-2026-42794

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

6.1CVSS5.8AI score0.0001EPSS

Exploits0References1

EUVD•added 2026/05/08 6:31 p.m.•2 views

EUVD-2026-28799

2.3CVSS5.8AI score0.0001EPSS

Exploits0References5

OSV•added 2026/05/08 6:31 p.m.•1 views

GHSA-C62G-J346-39V5 absinthe_plug Has a Cross-site Scripting vulnerability

2.3CVSS5.8AI score0.0001EPSS

Exploits0References6

Github Security Blog•added 2026/05/08 6:31 p.m.•4 views

absinthe_plug Has a Cross-site Scripting vulnerability

6.1CVSS5.8AI score0.0001EPSS

Exploits0References6Affected Software1

NVD•added 2026/05/08 4:16 p.m.•7 views

CVE-2026-42794

6.1CVSS0.0001EPSS

Exploits0References4

Vulnrichment•added 2026/05/08 3:42 p.m.•4 views

CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

2.3CVSS5.8AI score0.0001EPSS

Exploits0References4

Cvelist•added 2026/05/08 3:42 p.m.•25 views

CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

2.3CVSS0.0001EPSS

Exploits0References4

ATTACKERKB•added 2026/05/08 3:42 p.m.•2 views

CVE-2026-42794

2.3CVSS5.8AI score0.0001EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/08 3:42 p.m.•1 views

EEF-CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines i...

2.3CVSS5.8AI score0.0001EPSS

Exploits0References4

CVE•added 2026/05/08 3:42 p.m.•7 views

CVE-2026-42794

CVE-2026-42794 is a reflected XSS in absinthe_plug via GraphiQL. The function Elixir.Absinthe.Plug.GraphiQL:js_escape/1 escapes single quotes and newlines in the query GET parameter but does not escape backslashes, enabling an attacker to prefix a quote with a backslash (e.g., ") to break out of ...

6.1CVSS5.8AI score0.0001EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/05/08 12:0 a.m.•1 views

Absinthe.Plug 跨站脚本漏洞

Absinthe.Plug is an open-source GraphQL toolkit plugin for Elixir. Version 1.2.0 of Absinthe.Plug contains a cross-site scripting vulnerability. This vulnerability stems from the jsescape function in the GraphiQL interface not escaping backslashes, which may lead to reflective cross-site scriptin...

6.1CVSS5.6AI score0.0001EPSS

Exploits0References6

Positive Technologies•added 2026/05/08 12:0 a.m.•4 views

PT-2026-39147

Name of the Vulnerable Software and Affected Versions absinthe plug versions 1.2.0 through 1.10.1 Description Reflected cross-site scripting is possible via the GraphiQL interface. The js escape/1 function in lib/absinthe/plug/graphiql.ex fails to escape backslashes when processing the query GET...

2.3CVSS5.9AI score0.0001EPSS

Exploits0References11

IBM Security Bulletins•added 2026/04/08 8:42 a.m.•3 views

Security Bulletin: Dynamic XSS Vulnerability in GraphiQL via Malicious Schema Introspection Responses (Pre-v1.4.7) watsonx.data

Summary All versions of GraphiQL before 1.4.7 are vulnerable to a dynamic XSS flaw triggered by malicious schema introspection responses or crafted type names, potentially allowing code injection during autocomplete—especially in custom setups where the schema endpoint can be user-controlled. Thi...

7.1CVSS7.1AI score0.00398EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/03/14 9:13 a.m.•6 views

Security Bulletin: IBM Edge Data Collector uses nix-0.26.4.crate, nix-0.29.0.crate, tokio-util-0.6.10.crate, tokio-util-0.7.13.crate which is vulnerable to CVE-2021-41248.

Summary IBM Edge Data Collector uses nix-0.26.4.crate, nix-0.29.0.crate, tokio-util-0.6.10.crate, tokio-util-0.7.13.crate which is vulnerable to CVE-2021-41248. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2021-41248 DESCRIPTION: GraphiQL is the...

7.1CVSS5.9AI score0.00398EPSS

Exploits0Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-2411

Malware in sbrugna...

7.1CVSS5.3AI score0.00398EPSS

Exploits0References9