Silverstripe/graphql
This hub aggregates every CVE we track for Silverstripe/graphql, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 0
- High: 3
- In CISA KEV: 0

Severity distribution: MEDIUM 4, HIGH 3
Monthly trend (2024-07 to 2026-06): 0 CVEs in every month.
Latest CVEs
The 7 most recently published vulnerabilities affecting Silverstripe/graphql.
- CVE-2023-44401 (score 5.3): Silverstripe GraphQL's view permissions are bypassed for paginated lists of ORM data
- CVE-2023-40180 (score 7.5): Denial of service vulnerability in silverstripe-graphql via recursive queries
- CVE-2023-28104 (score 7.5): silverstripe/graphql Denial of Service vulnerability
- CVE-2021-28661 (score 4.3): Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.
- CVE-2020-26136 (score 6.5): In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
- CVE-2020-6165 (score 5.3): SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in ...
- CVE-2019-12437 (score 8.8): In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
Product normalization is registry-driven with AI assist and human review.