CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

45 matches found

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

4.3CVSS5.4AI score0.00031EPSS

Exploits0References1

Vulnrichment•added 2 days ago•4 views

CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

3.1CVSS5.8AI score0.00031EPSS

Exploits0References5

ATTACKERKB•added 2 days ago•4 views

CVE-2026-45739

3.1CVSS5.8AI score0.00031EPSS

Exploits0References6Affected Software1

CVE•added 2 days ago•11 views

CVE-2026-45739

The CVE affects Strawberry GraphQL versions 0.288.4 through 0.315.3, where the bundled GraphiQL template could serialize sensitive HTTP header values (e.g., Authorization: Bearer ) into the browser URL query string via the GraphiQL headers editor. This could leak header data to browser history, c...

4.3CVSS5.8AI score0.00031EPSS

Exploits0References5Affected Software1

Cvelist•added 2 days ago•31 views

CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

3.1CVSS0.00031EPSS

Exploits0References5

Snyk•added 2026/05/19 3:55 p.m.•4 views

Insertion of Sensitive Information Into Sent Data

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the graphiql template. An attacker can obtain sensitive HTTP header values by enticing a user to enter confidential...

4.3CVSS5.8AI score0.00031EPSS

Exploits0References2

OSV•added 2026/05/19 3:55 p.m.•1 views

GHSA-X97M-QP5C-W9XJ Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Summary Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value could become visible in browser history, copied links, and server/proxy/CDN access logs...

3.1CVSS6.1AI score0.00031EPSS

Exploits0References4

Github Security Blog•added 2026/05/19 3:55 p.m.•9 views

Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

4.3CVSS6.1AI score0.00031EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41972

Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions 0.288.4 through 0.315.3 Description The bundled GraphiQL template in Strawberry GraphQL writes values from the headers editor into the browser URL query string. This occurs because the strawberry/static/graphiql.htm...

3.1CVSS6AI score0.00031EPSS

Exploits0References9

RedhatCVE•added 2026/05/16 1:57 p.m.•6 views

CVE-2026-42794

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

6.1CVSS5.8AI score0.0001EPSS

Exploits0References1

EUVD•added 2026/05/08 6:31 p.m.•4 views

EUVD-2026-28799

2.3CVSS5.8AI score0.0001EPSS

Exploits0References5

OSV•added 2026/05/08 6:31 p.m.•2 views

GHSA-C62G-J346-39V5 absinthe_plug Has a Cross-site Scripting vulnerability

2.3CVSS5.8AI score0.0001EPSS

Exploits0References6

Github Security Blog•added 2026/05/08 6:31 p.m.•6 views

absinthe_plug Has a Cross-site Scripting vulnerability

6.1CVSS5.8AI score0.0001EPSS

Exploits0References6Affected Software1

NVD•added 2026/05/08 4:16 p.m.•8 views

CVE-2026-42794

6.1CVSS0.0001EPSS

Exploits0References4

Vulnrichment•added 2026/05/08 3:42 p.m.•5 views

CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

2.3CVSS5.8AI score0.0001EPSS

Exploits0References4

Cvelist•added 2026/05/08 3:42 p.m.•26 views

CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

2.3CVSS0.0001EPSS

Exploits0References4

ATTACKERKB•added 2026/05/08 3:42 p.m.•3 views

CVE-2026-42794

2.3CVSS5.8AI score0.0001EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/08 3:42 p.m.•1 views

EEF-CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines i...

2.3CVSS5.8AI score0.0001EPSS

Exploits0References4

CVE•added 2026/05/08 3:42 p.m.•8 views

CVE-2026-42794

CVE-2026-42794 is a reflected XSS in absinthe_plug via GraphiQL. The function Elixir.Absinthe.Plug.GraphiQL:js_escape/1 escapes single quotes and newlines in the query GET parameter but does not escape backslashes, enabling an attacker to prefix a quote with a backslash (e.g., ") to break out of ...

6.1CVSS5.8AI score0.0001EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/05/08 12:0 a.m.•2 views

Absinthe.Plug 跨站脚本漏洞

Absinthe.Plug is an open-source GraphQL toolkit plugin for Elixir. Version 1.2.0 of Absinthe.Plug contains a cross-site scripting vulnerability. This vulnerability stems from the jsescape function in the GraphiQL interface not escaping backslashes, which may lead to reflective cross-site scriptin...

6.1CVSS5.6AI score0.0001EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by