23 matches found
CVE-2026-40476
graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...
CVE-2026-40476
CVE-2026-40476 affects graphql-go (Go GraphQL implementation) in version
CVE-2026-40476
graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...
EUVD-2022-6561
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-37315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser. CVE-2022-37315 Note that Nessus relies on the presence of the...
GO-2022-0942 Infinite recursion in parser in github.com/graphql-go/graphql
graphql-go aka GraphQL for Go has infinite recursion in the type definition parser...
CVE-2022-37315
graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...
CVE-2022-37315
graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...
CVE-2022-37315
graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...
UBUNTU-CVE-2022-37315
graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...
CVE-2022-37315
graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...
Design/Logic Flaw
graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...
CVE-2022-37315
GraphQL-go (GraphQL for Go) up to v0.8.0 contains an infinite recursion in the type-definition parser. The CVE-2022-37315 entry notes this vulnerability impact, with an NVD CVSSv3.1 base score of 7.5 (HIGH) and network attack vector, no privileges required, no user interaction, and availability i...
CVE-2022-37315
graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...
graphql-go Security Vulnerability
graphql-go is an open source GraphQL server focused on ease of use. A security vulnerability exists in graphql-go also known as GraphQL for Go version 0.8.0, which stems from the type definition parser having infinite recursion...
PT-2022-23922 · Unknown · Graphql-Go
Name of the Vulnerable Software and Affected Versions: graphql-go aka GraphQL for Go versions 0.8.0 and earlier Description: The issue concerns infinite recursion in the type definition parser. Recommendations: For versions 0.8.0 and earlier, at the moment, there is no information about a newer...
GO-2022-0300 Panic via malicious inputs in github.com/graph-gophers/graphql-go
Malicious inputs can cause a panic. A maliciously crafted input can cause a stack overflow and panic. Any user with access to the GraphQL can send such a query. This issue only occurs when using the graphql.MaxDepth schema option which is highly recommended in most cases...
Denial of Service in graphql-go
Impact: This is a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could...
GHSA-MH3M-8C74-74XH Denial of Service in graphql-go
Impact: This is a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could...
CVE-2022-21708
The CVE-2022-21708 issue affects graphql-go (GraphQL server). In versions prior to 1.3.0, a bug allows an attacker with access to the GraphQL handler to send crafted queries that trigger a stack overflow panic, potentially impairing the server’s ability to serve data. The vulnerability is fixed i...