strawberry-graphql
PyPI | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting strawberry-graphql
- CVE-2024-47082 | MEDIUM | CVSS 4.6 | EG 4.6 | ✓ Fixed in 0.243.0 | 2024-09-25
vulnerable: 0.1.0 ... 0.99.3 (873 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. T…
- CVE-2025-22151 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 0.257.0 | 2025-01-09
vulnerable: 0.182.0 ... 0.257.0.dev1735244504 (225 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQ…
- CVE-2026-35523 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.312.3 | 2026-04-07
vulnerable: 0.1.0 ... 0.99.3 (1062 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a …
- CVE-2026-35526 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.312.3 | 2026-04-07
vulnerable: 0.1.0 ... 0.99.3 (1062 versions)
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Ope…