pkg:PyPI/strawberry-graphql

All known vulnerabilities

• HIGH7.5CVE-2026-35526strawberry-graphql: Denial of Service via unbounded WebSocket subscriptions
  from 0, < 0.312.3
• HIGH7.5CVE-2026-35526strawberry-graphql: Denial of Service via unbounded WebSocket subscriptions
  from 0, < 0.312.3
• HIGH7.5CVE-2026-35523strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol
  from 0, < 0.312.3
• HIGH7.5strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol
  from 0, < 0.312.3
• MEDIUM5.3Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification
  >= 0.172.0, < 0.315.7
• MEDIUM5.3Strawberry GraphQL has a Circular Fragment Reference DOS
  >= 0.71.0, < 0.315.7
• MEDIUM4.6Cross-Site Request Forgery (CSRF) in strawberry-graphql
  from 0, < 37265b230e511480a9ceace492f9f6a484be1387 | from 0, < 0.243.0
• MEDIUM4.6Cross-Site Request Forgery (CSRF) in strawberry-graphql
  from 0, < 0.243.0
• LOW3.7Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
  >= 0.182.0, < 0.257.0
• LOW3.1Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
  >= 0.288.4, < 0.315.4