Browse all 5 CVE security advisories affecting Hasura. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hasura provides a GraphQL engine for building APIs and real-time applications, enabling rapid backend development. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The platform's security posture has been challenged by incidents like CVE-2023-39143, which allowed unauthorized access to GraphQL endpoints, and CVE-2021-39144, enabling RCE through crafted queries. While these issues have been addressed, they highlight risks in default configurations and insufficient input sanitization. Organizations should implement strict access controls and regular security assessments when deploying Hasura to mitigate potential exploitation of its exposed GraphQL interfaces.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47748 | Hasura GraphQL 1.3.3 - Remote Code Execution — GraphQLCWE-78 | 9.8 | Critical | 2026-01-21 |
This page lists every published CVE security advisory associated with Hasura. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.