Browse all 4 CVE security advisories affecting strawberry-graphql. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Strawberry-GraphQL is a Python library for implementing GraphQL APIs, primarily used for building efficient query endpoints. Historically, it has faced vulnerabilities including remote code execution (RCE) through unsafe deserialization, cross-site scripting (XSS) from improper output encoding, and privilege escalation via insufficient access controls. The library has accumulated four CVEs, highlighting risks in input validation and secure defaults. Notable security characteristics include its reliance on proper sanitization of user inputs and complex query handling, which can introduce attack surfaces if misconfigured. Major incidents often stem from improper implementation rather than core flaws, emphasizing the need for secure coding practices when using this GraphQL implementation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35523 | Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol — strawberry (CWE-306) | 7.5 | High | 2026-04-07 |
| CVE-2026-35526 | Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions — strawberry (CWE-770) | 7.5 | High | 2026-04-07 |
| CVE-2025-22151 | Strawberry GraphQL has a type resolution vulnerability — strawberry (CWE-843) | 3.7 | Low | 2025-01-09 |
| CVE-2024-47082 | Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability — strawberry (CWE-352) | 4.6 | Medium | 2024-09-25 |
This page lists every published CVE security advisory associated with strawberry-graphql. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.