Strawberry-graphql Strawberry
7 CVEs affecting Strawberry-graphql Strawberry. Latest disclosed: 2026-06-04. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-35523 | High | 7.5 | 2026-04-07 | Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscript… |
CVE-2026-35526 | High | 7.5 | 2026-04-07 | Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transpor… |
CVE-2026-47707 | Medium | 5.3 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account f… |
CVE-2026-47706 | Medium | 5.3 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-… |
CVE-2024-47082 | Medium | 4.6 | 2024-09-25 | Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request… |
CVE-2025-22151 | Low | 3.7 | 2025-01-09 | Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberr… |
CVE-2026-45739 | Low | 3.1 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the Gr… |