CVE-2020-4038

GraphQL Playground graphql-playground-html NPM package before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...

CVE-2024-47614

async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin:...

CVE-2024-54151

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...

CVE-2024-24556

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...

Malicious code in solana-graphql-playground (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293a02fa1726046ea481def165e8c209dc7e6e1b108bc997d12977ecd4e613f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1178 Malicious code in solana-graphql-playground (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293a02fa1726046ea481def165e8c209dc7e6e1b108bc997d12977ecd4e613f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

IBM WebSphere Application Server Liberty 20.0.0.6 < 24.0.0.12 DoS (7174997)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a DoS vulnerability as referenced in the 7174997 advisory. - GraphQL Java aka graphql-java before 21.5 does not properly consider ExecutableNormalizedFields ENFs as part of preventing denial of servi...

Autodesk: Insecure Direct Object Reference (IDOR) in GraphQL deleteProfileImages Mutation

The Insecure Direct Object Reference IDOR vulnerability was discovered in the GraphQL deleteProfileImages mutation of the Autodesk User Profile. The vulnerability could have allowed an attacker to delete another user's photo through the "id" parameter. Autodesk has addressed the vulnerability...

Security Bulletin: There is a vulnerability in graphql-java-20.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-40094)

Summary There is a vulnerability in graphql-java-20.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application (CVE-2024-40094)

Summary There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application CVE-2024-40094 Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

Security Bulletin: IBM PowerVM Novalink is vulnerable because GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields. (CVE-2024-40094)

Summary IBM PowerVM Novalink is vulnerable because GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields ENFs as part of preventing denial of service. By using introspection queries, a remote attacker could exploi...

Security Bulletin: IBM WebSphere Application Server Liberty , which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2024-40094)

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by...

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-40094)

Summary There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

The vulnerability of the GraphQL Query Handler component of the software platform based on Git, which is used for collaborative code development in GitLab EE/CE, allows a perpetrator to access confidential information.

The vulnerability of the GraphQL Query Handler component in the Git-based software platform, which is used for collaborative code development in GitLab EE/CE, is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to gain access to confidential...

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.35.0 security update & enhancements

Release of OpenShift Serverless Logic 1.35.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Exploit for CVE-2024-40094

CVE-2024-40094 ENF ExecutableNormalizedFields Denial of Serv...