Vulnerabilities > Graphql

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-26144 Resource Exhaustion vulnerability in Graphql
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries.
network
low complexity
graphql CWE-400
5.3
2021-11-04 CVE-2021-41248 Cross-site Scripting vulnerability in Graphql Graphiql
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation.
network
high complexity
graphql CWE-79
2.6
2021-11-04 CVE-2021-41249 Cross-site Scripting vulnerability in Graphql Playground
GraphQL Playground is a GraphQL IDE for development of graphQL focused applications.
network
high complexity
graphql CWE-79
2.6