90 matches found
GHSA-VPWC-V33Q-MQ89 strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol
Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before processing start subscription messages. This allows a remote...
aas2openapi (>=0.2.0 <=0.2.4), adelecv (>=0.0.1 <=0.0.2) +85 more potentially affected by CVE-2026-35523 via strawberry-graphql (>=0.103.9 <=0.312.0)
strawberry-graphql PYPI version =0.103.9, =0.2.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2rc0, =0.9.0, =25.13.0, =0.41.0, =0.133.0 and more Source cves: CVE-2026-35523 Source advisory: SNYK:PYTHON-STRAWBERRYGRAPHQL-15922312...
Missing Authentication for Critical Function
Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the onwsconnect process. An attacker can gain unauthorized access to WebSocket subscription endpoints by connecting with the...
strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol
Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before processing start subscription messages. This allows a remote...
EUVD-2024-0208
Malicious code in bioql PyPI...
CVE-2025-22151
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...
CVE-2024-47082
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
CVE-2025-22151
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...
GHSA-5XH2-23CC-5JC6 Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
Insufficient Type Distinction
Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insufficient Type Distinction in the relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. An attacker can access unauthorized data by queryin...
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...
CVE-2025-22151
Strawberry GraphQL has a type confusion vulnerability in its relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). From version 0.182.0 up to, but not including, 0.257.0, the global node field may resolve to a different type mapped to the same model, causing inf...
CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...
CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple...
PT-2025-4385
Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions 0.182.0 through 0.257.0 Description A type confusion vulnerability exists in Strawberry GraphQL's relay integration, affecting multiple ORM integrations, including Django, SQLAlchemy, and Pydantic. This issue occurs...
Strawberry GraphQL 安全漏洞
Strawberry GraphQL is a Python GraphQL library utilizing type annotations in the Strawberry GraphQL open source. A security vulnerability exists in Strawberry GraphQL versions prior to 0.182.0 through 0.257.0, which stems from type obfuscation in the relay integration, resulting in queries for a...
agent-evaluator (=0.7.8), arize-phoenix (>=0.0.33 <=2.11.1) +31 more potentially affected by CVE-2024-47082 via strawberry-graphql (>=0.202.1 <=0.242.0)
strawberry-graphql PYPI version =0.202.1, =0.0.33, =0.41.0, =1.2.0, =0.2.4, =0.2.6, =0.0.7, =0.5.0, =0.0.1, =0.0.1, =0.2.1, =0.1.0, =0.2.2, =0.5.19 and more Source cves: CVE-2024-47082 Source advisory: OSV:GHSA-79GP-Q4WV-33FR...
GHSA-79GP-Q4WV-33FR Cross-Site Request Forgery (CSRF) in strawberry-graphql
Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...
agent-evaluator (=0.7.8), arize-phoenix (>=0.0.33 <=2.11.1) +31 more potentially affected by CVE-2024-47082 via strawberry-graphql (>=0.202.1 <=0.242.0)
strawberry-graphql PYPI version =0.202.1, =0.0.33, =0.41.0, =1.2.0, =0.2.4, =0.2.6, =0.0.7, =0.5.0, =0.0.1, =0.0.1, =0.2.1, =0.1.0, =0.2.2, =0.5.19 and more Source cves: CVE-2024-47082 Source advisory: OSV:PYSEC-2024-171...