Vulnerabilities in strawberry-graphql
7 results

CVE-2026-35523 | HIGH | Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol | EPSS 0.4%
CVE-2026-47707 | MEDIUM | Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification | EPSS 0.4%
CVE-2025-22151 | LOW | Strawberry GraphQL has a type resolution vulnerability | EPSS 0.4%
CVE-2026-47706 | MEDIUM | Strawberry GraphQL has a Circular Fragment Reference DOS | EPSS 0.3%
CVE-2026-35526 | HIGH | Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions | EPSS 0.3%
CVE-2024-47082 | MEDIUM | Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability | EPSS 0.2%
CVE-2026-45739 | LOW | Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs | EPSS 0.2%