6 matches found

RedhatCVE
added 2026/03/08 1:44 a.m. | 3 views

CVE-2026-30241

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries and mutations, but subscription queries are...

CVSS 8.2 | AI score 5.8 | EPSS 0.00362
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/06 7:45 p.m. | 5 views

CVE-2025-64166

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as...

CVSS 5.4 | AI score 5.6 | EPSS 0.00159
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/05 3:31 p.m. | 4 views

CVE-2025-64166

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as...

CVSS 5.4 | AI score 5.7 | EPSS 0.00159
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/03/05 3:31 p.m. | 9 views

CVE-2025-64166

Mercurius (GraphQL adapter for Fastify) has a CSRF flaw prior to v16.4.0 caused by incorrect parsing of Content-Type headers. Requests with Content-Type like application/x-www-form-urlencoded, multipart/form-data, or text/plain could be misinterpreted as application/json, bypassing fetch() prefli...

CVSS 5.4 | AI score 5.7 | EPSS 0.00159
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2021/12/13 8:15 p.m. | 13 views

CVE-2021-43801

Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...

CVSS 7.5 | EPSS 0.01522
Exploits: 0 | References: 3

CNNVD
added 2021/12/13 12:0 a.m. | 3 views

Mercurius Code Issue Vulnerability

Mercurius is a GraphQL adapter for Fastify. Mercurius 8.10.0 to 8.11.1 has a code issue vulnerability that could be exploited by an attacker to cause a denial of service attack...

CVSS 7.5 | AI score 5.7 | EPSS 0.01522
Exploits: 0 | References: 4