Denial Of Service (DoS)

mercurius is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an application crash via sending a malformed packet over `WebSocket` to `/graphql` resulting in Denial of ...

Continue Reading

CVSS3 - HIGH

CVE-2022-23739

An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app i ...

Continue Reading
CVE-2023-22491

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading
gatsby-transformer-remark has possible unsanitized JavaScript code injection

### Impact The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default con ...

Continue Reading
gatsby-transformer-remark has possible unsanitized JavaScript code injection

### Impact The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default con ...

Continue Reading
mercurius has Uncaught Exception when using subscriptions

### Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. ### Patches This was patched in https:// ...

Continue Reading
mercurius has Uncaught Exception when using subscriptions

### Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. ### Patches This was patched in https:// ...

Continue Reading
CVE-2023-22477

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This iss ...

Continue Reading

Back to Main

Subscribe for the latest news: