Lucene search
+L

109 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.15 views

CVE-2026-47706

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS5.4AI score0.00296EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/04 4:22 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the MaxAliasesLimiter extension. An attacker can exhaust server resources by crafting GraphQL queries that exploit...

6.9CVSS5.5AI score0.00417EPSS
Exploits1References2
OSV
OSV
added 2026/06/04 2:39 p.m.8 views

GHSA-FR49-MHGJ-CRFC Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification

Summary The MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not consider how many times a fragments internal aliases are expanded during execution. this...

5.3CVSS6AI score0.00417EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/04 2:12 p.m.10 views

CVE-2026-47707 Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

5.3CVSS5.8AI score0.00417EPSS
Exploits1References2
CVE
CVE
added 2026/06/04 2:12 p.m.33 views

CVE-2026-47707

Technical details about CVE-2026-47707 are not publicly available in the provided documents; monitor vendor advisories and official releases for updates.

5.3CVSS5.8AI score0.00417EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/04 2:12 p.m.13 views

EUVD-2026-34271

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

5.3CVSS5.8AI score0.00417EPSS
Exploits1References2
OSV
OSV
added 2026/06/04 2:12 p.m.4 views

CVE-2026-47707 Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

5.3CVSS6AI score0.00417EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/04 2:6 p.m.39 views

CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS0.00296EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 8:19 p.m.12 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of attributes using spread syntax from untrusted data, which includes event handler properties in the HTML output. An attacker can execute...

7.7CVSS5.8AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 2:49 p.m.6 views

BIT-PARSE-2026-34573 Parse Server: GraphQL complexity validator exponential fragment traversal DoS

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads. A singl...

8.2CVSS5.7AI score0.00463EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/31 3:6 p.m.25 views

CVE-2026-34573 Parse Server: GraphQL complexity validator exponential fragment traversal DoS

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads...

8.2CVSS0.00463EPSS
Exploits0References5
CVE
CVE
added 2026/03/31 3:6 p.m.28 views

CVE-2026-34573

Parse Server exposes a denial-of-service when the GraphQL query complexity validator is enabled (requestComplexity.graphQLDepth or requestComplexity.graphQLFields). In versions prior to 8.6.68 and 9.7.0-alpha.12, a crafted query using binary fan-out fragment spreads can block the Node.js event lo...

8.2CVSS5.7AI score0.00463EPSS
Exploits0References5Affected Software1
GithubExploit
GithubExploit
added 2026/02/20 3:14 a.m.186 views

Hydra-worm

Hydra-worm Hydra-Worm is a rogue self-replicating exploit that...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.6 views

Malicious code in @oku-ui/tabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ce22352f26f8cfce834a6ce3362835601a48b73356305181e6d2b90062fcfa8 The package @oku-ui/tabs was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.9 views

Malicious code in @browserbasehq/sdk-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dcba06b8039c18710f9cd77f877d6f7bcf48e1c0d25d161f404e2a14b689fca The package @browserbasehq/sdk-functions was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.7 views

Malicious code in @posthog/lemon-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bba1e7fb74f376bd3b56d7c910331af7b46fa8c392e697e08f858b837112e061 The package @posthog/lemon-ui was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.7 views

Malicious code in @oku-ui/hover-card (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49011592cdb157147144c2972c03c4ec153b1d0076d2aa6d45dce878247a77fc The package @oku-ui/hover-card was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.7 views

Malicious code in @silgi/ratelimit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 422196a67d61d4d71d26fc505d10b7d141fb54310ecab586ff0320d42f395509 The package @silgi/ratelimit was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.8 views

Malicious code in @voiceflow/commitlint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0318a598c3e523953b57c870305c3d1237a290a253f3d69dd9f24bf6ba079d6e The package @voiceflow/commitlint-config was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.10 views

Malicious code in @voiceflow/encryption (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13e58f7cdcdf3b87f5bbf111e42e13a1151626e495e15be73fc579109e397800 The package @voiceflow/encryption was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References10
Rows per page
Query Builder