54 matches found
Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query
Summary The checkUserPassword GraphQL query in Dgraph is vulnerable to DQL Dgraph Query Language injection. User-supplied password values are interpolated directly into a DQL checkpwd query via fmt.Sprintf without any escaping or parameterization. An attacker can inject a password containing a...
cve-2026-41699 - HIGH - Unsafe Deserialization in Spring GraphQL
cve-2026-41699 - HIGH - Unsafe Deserialization in Spring GraphQL...
EUVD-2026-34271
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...
graphql-go 安全漏洞
graphql-go is a GraphQL server developed by Webonyx, focusing on ease of use. Versions of graphql-go prior to 15.31.5 contained security vulnerabilities. These vulnerabilities stemmed from the OverlappingFieldsCanBeMerged validation rule, which performed On² comparisons for fields with the same...
agent-evaluator (=0.7.8), apppy-app (>=0.1.0 <=0.24.1) +61 more potentially affected by CVE-2026-35526 via strawberry-graphql (>=0.202.1 <=0.312.0)
strawberry-graphql PYPI version =0.202.1, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.0.33, =0.9.0, =25.13.0, =0.41.0, =1.2.0, =0.1.0a1, =1.1.20, =2.1.1 - dictatorgenai =0.1.0 and more Source cves: CVE-2026-35526 Source advisory: OSV:GHSA-HV3W-M4G2-5X77...
Directus 安全漏洞
Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.17.0 contained a security vulnerability. This vulnerability stemmed from GraphQL endpoints not repeatedly calling the data deletion...
@tinacms/app (>=0.0.0-0b7103c-20251216023146 <=2.3.25), @tinacms/cli (>=0.0.0-0b7103c-20251216023146 <=2.1.6) +4 more potentially affected by CVE-2026-28791 via @tinacms/graphql (>=2.0.0 <=2.1.2)
@tinacms/graphql NPM version =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =3.5.0 Source cves: CVE-2026-28791 Source advisory: SNYK:JS-TINACMSGRAPHQL-15518326...
GitLab Enterprise Edition(EE) 安全漏洞
GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition EE versions prior to 18.4.6, 18.5 through 18.5.4, and 18.6 through 18.6.2, which stems from the fact that execution of a specially crafted...
GitLab CE和EE 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 11.0 through 18.3.5 prior...
EUVD-2021-22677
Malware in sbrugna...
EUVD-2024-2287
Malicious code in bioql PyPI...
EUVD-2022-24855
Malicious code in bioql PyPI...
EUVD-2022-15380
Malicious code in bioql PyPI...
EUVD-2024-50324
Malicious code in bioql PyPI...
EUVD-2024-45216
Malicious code in bioql PyPI...
EUVD-2023-2495
Malicious code in bioql PyPI...
EUVD-2022-41779
Malicious code in bioql PyPI...
EUVD-2025-9735
Malicious code in bioql PyPI...
EUVD-2023-2482
Malicious code in bioql PyPI...
EUVD-2021-9374
Malicious code in bioql PyPI...