3087 matches found
PT-2026-3473
Name of the Vulnerable Software and Affected Versions: birkir prime versions prior to 0.4.0.beta.0. Description: A security issue exists in birkir prime related to the GraphQL API component. A manipulation of the /graphql file processing can lead to information disclosure. The issue may be exploited...
Prime security vulnerabilities
Prime is a content management system developed by Birkir Gudjonsson. Versions of Prime prior to 0.4.0.beta.0 contained security vulnerabilities, which were caused by incorrect operations on the /graphql file. These vulnerabilities could lead to denial-of-service attacks...
PT-2026-3494
Name of the Vulnerable Software and Affected Versions: birkir prime versions prior to 0.4.0.beta.0. Description: A resource consumption issue exists in birkir prime. The issue affects an unknown function within the GraphQL Alias Handler component, specifically through the /graphql file. The attack c...
PT-2026-3487
Name of the Vulnerable Software and Affected Versions: birkir prime versions prior to 0.4.0.beta.0. Description: A flaw exists in birkir prime up to version 0.4.0.beta.0. The issue resides within an unknown function of the /graphql file within the GraphQL Directive Handler component. Successful...
Prime Access Control Vulnerability
Prime is a content management system developed by Birkir Gudjonsson. Versions of Prime prior to 0.4.0.beta.0 contained an access control vulnerability caused by incorrect operations on the /graphql file, which could lead to information leakage...
@accounter/server (>=0.0.0 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec), @aligent/auth-module (=1.0.1) +1 more potentially affected by CVE-2026-23735 via graphql-modules (>=2.3.0 <=2.4.0)
graphql-modules NPM version =2.3.0, =0.0.0, =1.0.7, =1.0.9 Source cves: CVE-2026-23735 Source advisory: OSV:GHSA-53WG-R69P-V3R7...
GHSA-53WG-R69P-V3R7 GraphQL Modules has a Race Condition issue
Summary: Originally reported as an issue 2613 but should be elevated to a security issue as the ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. Details: When 2 or more parallel requests are made which trigger the same...
CVE-2026-23735
GraphQL Modules is a toolset of libraries and guidelines dedicated to creating reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...
CVE-2026-23735 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in graphql-modules
GraphQL Modules is a toolset of libraries and guidelines dedicated to creating reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...
EUVD-2026-2862
GraphQL Modules is a toolset of libraries and guidelines dedicated to creating reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...
CVE-2026-23735
Summary: Multiple sources describe a race condition in GraphQL Modules where, when 2 or more parallel requests trigger the same service, the request context injected via @ExecutionContext() can be mixed between concurrent executions, potentially leaking authentication-context data between users. ...
PT-2026-3319
Name of the Vulnerable Software and Affected Versions: GraphQL Modules versions 2.2.1 through 2.4.0; GraphQL Modules versions 3.1.1. Description: GraphQL Modules has an issue where, when two or more parallel requests trigger the same service, the context of the requests can become mixed up within the...
GraphQL Modules: Race Condition Vulnerability
GraphQL Modules is a backend framework for GraphQL servers, open-sourced by Hive. Versions of GraphQL Modules from 2.2.1 to 2.4.1, as well as versions before 3.1.1, have a race condition vulnerability. This vulnerability stems from context confusion during parallel requests, which may lead to...
CVE-2025-13781
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...
CVE-2025-11246
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner...
BIT-GITLAB-2025-13781 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...