Package impact
PyPI / strawberry-graphql
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47707 | medium | 5.3 | 5.3 | | | | 6h ago | Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification |
| CVE-2026-47706 | medium | 5.3 | 5.3 | | | | 6h ago | Strawberry GraphQL has a Circular Fragment Reference DOS |
| CVE-2026-45739 | low | 3.1 | 3.1 | | | | 16d ago | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser U… |