GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification
Moderate
CVE-2026-47707
was published
for
strawberry-graphql
(pip)
Jun 4, 2026
Strawberry GraphQL has a Circular Fragment Reference DOS
Moderate
CVE-2026-47706
was published
for
strawberry-graphql
(pip)
Jun 4, 2026
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Low
CVE-2026-45739
was published
for
strawberry-graphql
(pip)
May 19, 2026
strawberry-graphql: Denial of Service via unbounded WebSocket subscriptions
High
CVE-2026-35526
was published
for
strawberry-graphql
(pip)
Apr 6, 2026
strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol
High
CVE-2026-35523
was published
for
strawberry-graphql
(pip)
Apr 6, 2026
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Low
CVE-2025-22151
was published
for
strawberry-graphql
(pip)
Jan 9, 2025
ProTip!
Advisories are also available from the
GraphQL API