| CVE-2026-45739 |
low |
— |
2.5 |
|
|
|
16d ago |
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs |
| CVE-2026-35526 |
unknown |
— |
— |
|
|
|
2mo ago |
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols all… |
| CVE-2026-35523 |
unknown |
— |
— |
|
|
|
2mo ago |
Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws sub… |
| CVE-2025-22151 |
unknown |
— |
— |
|
|
|
1y ago |
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution |
| CVE-2024-47082 |
unknown |
— |
— |
|
|
|
2y ago |
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in … |
