Lucene search
K

90 matches found

OSV
OSV
added 2026/04/06 6:0 p.m.4 views

GHSA-VPWC-V33Q-MQ89 strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol

Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before processing start subscription messages. This allows a remote...

7.5CVSS5.8AI score0.00424EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/04/06 6:0 p.m.5 views

aas2openapi (>=0.2.0 <=0.2.4), adelecv (>=0.0.1 <=0.0.2) +85 more potentially affected by CVE-2026-35523 via strawberry-graphql (>=0.103.9 <=0.312.0)

strawberry-graphql PYPI version =0.103.9, =0.2.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2rc0, =0.9.0, =25.13.0, =0.41.0, =0.133.0 and more Source cves: CVE-2026-35523 Source advisory: SNYK:PYTHON-STRAWBERRYGRAPHQL-15922312...

7.5CVSS5.7AI score0.00424EPSS
Exploits0
Snyk
Snyk
added 2026/04/06 6:0 p.m.2 views

Missing Authentication for Critical Function

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the onwsconnect process. An attacker can gain unauthorized access to WebSocket subscription endpoints by connecting with the...

8.7CVSS5.9AI score0.00424EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/06 6:0 p.m.11 views

strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol

Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before processing start subscription messages. This allows a remote...

7.5CVSS5.8AI score0.00424EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0208

Malicious code in bioql PyPI...

8CVSS6.3AI score0.0023EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 11:58 a.m.14 views

CVE-2025-22151

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...

3.7CVSS6.7AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.14 views

CVE-2024-47082

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

8CVSS7AI score0.0023EPSS
Exploits0
NVD
NVD
added 2025/01/09 7:15 p.m.26 views

CVE-2025-22151

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...

3.7CVSS0.00361EPSS
Exploits0References2
OSV
OSV
added 2025/01/09 6:51 p.m.15 views

GHSA-5XH2-23CC-5JC6 Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...

3.7CVSS4.2AI score0.00361EPSS
Exploits0References4
Snyk
Snyk
added 2025/01/09 6:51 p.m.5 views

Insufficient Type Distinction

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insufficient Type Distinction in the relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. An attacker can access unauthorized data by queryin...

6.3CVSS7AI score0.00361EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/01/09 6:51 p.m.22 views

Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...

3.7CVSS6.8AI score0.00361EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/01/09 6:51 p.m.26 views

CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...

3.7CVSS0.00361EPSS
Exploits0References2
CVE
CVE
added 2025/01/09 6:51 p.m.110 views

CVE-2025-22151

Strawberry GraphQL has a type confusion vulnerability in its relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). From version 0.182.0 up to, but not including, 0.257.0, the global node field may resolve to a different type mapped to the same model, causing inf...

3.7CVSS4.2AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2025/01/09 6:51 p.m.19 views

CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...

3.7CVSS6.3AI score0.00361EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/09 6:51 p.m.15 views

CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...

3.7CVSS7AI score0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.9 views

PT-2025-4385

Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions 0.182.0 through 0.257.0 Description A type confusion vulnerability exists in Strawberry GraphQL's relay integration, affecting multiple ORM integrations, including Django, SQLAlchemy, and Pydantic. This issue occurs...

3.7CVSS5.9AI score0.00361EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.5 views

Strawberry GraphQL 安全漏洞

Strawberry GraphQL is a Python GraphQL library utilizing type annotations in the Strawberry GraphQL open source. A security vulnerability exists in Strawberry GraphQL versions prior to 0.182.0 through 0.257.0, which stems from type obfuscation in the relay integration, resulting in queries for a...

3.7CVSS6AI score0.00361EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/09/25 6:21 p.m.5 views

agent-evaluator (=0.7.8), arize-phoenix (>=0.0.33 <=2.11.1) +31 more potentially affected by CVE-2024-47082 via strawberry-graphql (>=0.202.1 <=0.242.0)

strawberry-graphql PYPI version =0.202.1, =0.0.33, =0.41.0, =1.2.0, =0.2.4, =0.2.6, =0.0.7, =0.5.0, =0.0.1, =0.0.1, =0.2.1, =0.1.0, =0.2.2, =0.5.19 and more Source cves: CVE-2024-47082 Source advisory: OSV:GHSA-79GP-Q4WV-33FR...

8CVSS5.4AI score0.0023EPSS
Exploits0
OSV
OSV
added 2024/09/25 6:21 p.m.55 views

GHSA-79GP-Q4WV-33FR Cross-Site Request Forgery (CSRF) in strawberry-graphql

Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...

4.8CVSS6AI score0.0023EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/09/25 6:15 p.m.4 views

agent-evaluator (=0.7.8), arize-phoenix (>=0.0.33 <=2.11.1) +31 more potentially affected by CVE-2024-47082 via strawberry-graphql (>=0.202.1 <=0.242.0)

strawberry-graphql PYPI version =0.202.1, =0.0.33, =0.41.0, =1.2.0, =0.2.4, =0.2.6, =0.0.7, =0.5.0, =0.0.1, =0.0.1, =0.2.1, =0.1.0, =0.2.2, =0.5.19 and more Source cves: CVE-2024-47082 Source advisory: OSV:PYSEC-2024-171...

8CVSS5.4AI score0.0023EPSS
Exploits0
Rows per page
Query Builder