8 matches found

EUVD
added 2025/10/03 8:07 p.m.

EUVD-2025-29489

Malicious code in bioql PyPI...

AI score: 6.6
Exploits: 0 · References: 4
OSV
added 2025/04/25 3:14 p.m.

GHSA-733V-P3H5-QPQ7 GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation

Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...

CVSS: 5.3 · AI score: 7
Exploits: 0 · References: 4
Veracode
added 2024/11/04 8:48 a.m.

Information Disclosure

github.com/graph-gophers/graphql-go is vulnerable to Information Disclosure. The vulnerability is due to improper access controls on the GraphQL introspection query, allowing unauthorized users to access a complete list of available queries and mutations...

CVSS: 5.3 · AI score: 6.5 · EPSS: 0.00263
Exploits: 0 · References: 6 · Affected Software: 1
CVE
added 2024/10/22 1:24 p.m.

CVE-2024-50312

CVE-2024-50312 is an Information Disclosure via GraphQL Introspection vulnerability in OpenShift. The connected Red Hat advisory notes that OpenShift Container Platform 4.x releases including 4.16.30 and 4.17.12 were patched to fix this issue, which allowed unauthorized users to enumerate availab...

CVSS: 5.3 · AI score: 5.1 · EPSS: 0.00263
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2024/10/22 12:00 a.m.

PT-2024-34133 · Graphql +1

Name of the Vulnerable Software and Affected Versions: GraphQL affected versions not specified Description: A vulnerability was found in GraphQL due to improper access controls on the graphql introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available...

CVSS: 9.9 · AI score: 6.1 · EPSS: 0.94047
Exploits: 20 · References: 140
Hacker One
added 2023/07/03 5:37 p.m.

Sorare: Circular based introspection query leading to single request denial of service and cost consumption and query cost on api.sorare.com/graphql

The Sorare GraphQL API has an introspection feature enabled by default, which allows developers to explore the API's schema. However, due to a lack of depth limits, an attacker can execute a circular introspection query that leads to a single request denial of service, affecting both the...

AI score: 7.3
Exploits: 0
Kitploit
added 2020/06/23 9:30 p.m.

InQL - A Burp Extension For GraphQL Security Testing

A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. InQL Stand-Alone CLI Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order to fetch metadata...

AI score: 7.2
Exploits: 0 · References: 3
Wallarm Lab
added 2019/12/03 10:49 p.m.

Why and how to disable introspection query for GraphQL APIs

Intro In the last post, we touched on the topic of GraphQL security. As a reminder, GraphQL is a popular alternative to REST APIs. A single article can not encapsulate all the things one wants to know about such an interesting technology. This installment of the series will look at the first step...

AI score: 2.2
Exploits: 0