strawberry-graphql
PyPI7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting strawberry-graphqlpage 1 of 1
- CVE-2024-47082MEDIUMCVSS 4.6EG 4.6✓ Fixed in 0.243.02024-09-25
vulnerable: 0.1.0 ... 0.99.3 (873 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. T…
- CVE-2025-22151LOWCVSS 3.7EG 3.7✓ Fixed in 0.257.02025-01-09
vulnerable: 0.182.0 ... 0.257.0.dev1735244504 (225 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQ…
- CVE-2026-35523HIGHCVSS 7.5EG 7.5✓ Fixed in 0.312.32026-04-07
vulnerable: 0.1.0 ... 0.99.3 (1062 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a …
- CVE-2026-35526HIGHCVSS 7.5EG 7.5✓ Fixed in 0.312.32026-04-07
vulnerable: 0.1.0 ... 0.99.3 (1062 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Ope…
- CVE-2026-45739MEDIUMCVSS 4.3EG 4.3✓ Fixed in 0.315.42026-05-19
vulnerable: 0.288.4 ... 0.315.3 (64 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sen…
- CVE-2026-47706MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.315.72026-06-04
vulnerable: 0.100.0 ... 0.99.3 (830 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query con…
- CVE-2026-47707MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.315.72026-06-04
vulnerable: 0.172.0 ... 0.315.6 (429 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it corre…
Check whether strawberry-graphql is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for strawberry-graphql CVEs against the assets you own.
Start Free Scan →