| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-39324 | aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services | aimeos | ai-admin-graphql | Low | 3.8 | 2024-07-02 20:09:23 | Deep Dive |
| CVE-2024-39323 | aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account | aimeos | ai-admin-graphql | High | 7.1 | 2024-07-02 16:03:03 | Deep Dive |
| CVE-2024-24556 | XSS in @urql/next | urql-graphql | urql | High | 7.2 | 2024-01-30 17:21:20 | Deep Dive |
| CVE-2023-44401 | Silverstripe GraphQL's view permissions are bypassed for paginated lists of ORM data | silverstripe | silverstripe-graphql | Medium | 5.3 | 2024-01-23 13:08:34 | Deep Dive |
| CVE-2022-1563 | WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure | Unknown | wp-graphql-woocommerce | Medium | - | 2024-01-16 15:50:08 | Deep Dive |
| CVE-2023-40180 | Denial of service vulnerability in silverstripe-graphql via recursive queries | silverstripe | silverstripe-graphql | High | 7.5 | 2023-10-16 18:05:15 | Deep Dive |
| CVE-2023-43799 | The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system | altair-graphql | altair | Medium | 5.0 | 2023-10-04 20:37:55 | Deep Dive |
| CVE-2023-34047 | Exposure of data and identity to wrong session in Spring for GraphQL | Spring | Spring for GraphQL | Low | 3.1 | 2023-09-20 09:09:13 | Deep Dive |
| CVE-2023-26144 | GraphQL.js resource management error vulnerability | - | graphql | Medium | 5.3 | 2023-09-20 05:00:02 | Deep Dive |
| CVE-2023-28104 | silverstripe/graphql Denial of Service vulnerability | silverstripe | silverstripe-graphql | High | 7.5 | 2023-03-16 15:25:31 | Deep Dive |
| CVE-2023-27588 | Unauthenticated path traversal vulnerability in Hasura GraphQL Engine | hasura | graphql-engine | High | 7.5 | 2023-03-14 17:23:10 | Deep Dive |
| CVE-2022-41876 | ezplatform-graphql GraphQL queries can expose password hashes | ezsystems | ezplatform-graphql | High | 7.5 | 2022-11-10 00:00:00 | Deep Dive |
| CVE-2022-31173 | Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow | graphql-rust | juniper | High | 7.5 | 2022-08-01 18:50:12 | Deep Dive |
| CVE-2022-21708 | Denial of Service in graphql-go | graph-gophers | graphql-go | Medium | 6.5 | 2022-01-21 22:25:10 | Deep Dive |
| CVE-2021-41248 | XSS vulnerability in GraphiQL | graphql | graphiql | High | 7.1 | 2021-11-04 20:15:11 | Deep Dive |
| CVE-2021-41249 | XSS vulnerability in GraphQL Playground | graphql | graphql-playground | High | 7.1 | 2021-11-04 20:05:12 | Deep Dive |
| CVE-2021-23326 | Command Injection | - | @graphql-tools/git-loader | Medium | 6.3 | 2021-01-20 12:30:16 | Deep Dive |
| CVE-2020-4038 | Reflected XSS in GraphQL Playground | prisma-labs | graphql-playground | High | 7.4 | 2020-06-08 20:40:12 | Deep Dive |
| CVE-2019-1020015 | graphql-engine input validation error vulnerability | graphql-engine | graphql-engine | High | - | 2019-07-29 12:21:40 | Deep Dive |