Exploit for CVE-2024-40094
CVE-2024-40094 ENF ExecutableNormalizedFields Denial of Serv...
Type Confusion
strawberry-graphql is vulnerable to Type Confusion. The vulnerability is due to improper handling of GraphQL types when multiple types are mapped to the same underlying model while using the relay node interface, which allows an attacker to exploit type confusion to access or manipulate data from...
CVE-2025-22151
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...
Insufficient Type Distinction
Overview strawberry-graphql is a library for creating GraphQL APIs. Affected versions of this package are vulnerable to Insufficient Type Distinction in the relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. An attacker can access unauthorized data by queryin...
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
GHSA-5XH2-23CC-5JC6 Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...
CVE-2025-22151
Strawberry GraphQL has a type confusion vulnerability in its relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). From version 0.182.0 up to, but not including, 0.257.0, the global node field may resolve to a different type mapped to the same model, causing inf...
PT-2025-4385 · Unknown +2 · Sqlalchemy +3
Name of the Vulnerable Software and Affected Versions: Strawberry GraphQL versions 0.182.0 through 0.257.0 Description: A type confusion vulnerability exists in Strawberry GraphQL's relay integration, affecting multiple ORM integrations, including Django, SQLAlchemy, and Pydantic. This issue occu...
Strawberry GraphQL security vulnerability
Strawberry GraphQL is a Python GraphQL library that uses type annotations, from the Strawberry GraphQL open source project. A security vulnerability exists in Strawberry GraphQL versions prior to 0.182.0 through 0.257.0, which stems from type confusion in the relay integration, resulting in queries for a...
VulnCheck KEV: CVE-2023-47643
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL introspection is enabled without authentication, exposing the schema defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the...
ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +16388 more potentially affected by CVE-2024-12801 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.12)
ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664 =0....
Unauthorized Access
directus is vulnerable to Unauthorized Access. The vulnerability is due to improper authentication handling when WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH is set to "public", allowing unauthenticated users to perform CRUD operations and subscribe to changes with full admin privileges...
Altair resource management error vulnerability
Altair is a feature-rich GraphQL client IDE from the Altair GraphQL open source project. A resource management error vulnerability exists in versions prior to Altair v12.24Q3.2, which stems from a lack of request validation and a lack of authentication in the image proxy, and the...
BIT-GITLAB-2024-8116 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names...
BIT-GITLAB-2024-12292 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...
CVE-2024-8116
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names...
CVE-2024-8116 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names...