Graphql
This hub aggregates every CVE we track for Graphql, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 2
- High: 2
- In CISA KEV: 0
Severity distribution
- MEDIUM: 3
- HIGH: 2
- CRITICAL: 2
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06]
Latest CVEs
The 7 most recently published vulnerabilities affecting Graphql.
- CVE-2026-24125: Path Traversal in @tinacms/graphql (score 6.3)
- CVE-2021-47748: Hasura GraphQL 1.3.3 - Remote Code Execution (score 9.8)
- CVE-2025-27407: Remote code execution when loading a crafted GraphQL schema (score 9.0)
- CVE-2023-44401: Silverstripe GraphQL's view permissions are bypassed for paginated lists of ORM data (score 5.3)
- CVE-2023-40180: Denial of service vulnerability in silverstripe-graphql via recursive queries (score 7.5)
- CVE-2023-26144: Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large... (score 5.3)
- CVE-2023-28104: silverstripe/graphql Denial of Service vulnerability (score 7.5)
Product normalization is registry-driven with AI assist and human review.