— PyPI
MAL-2026-4771 Malicious code in strawberry-graphql (PyPI)
Modified: 5/26/2026
package
PyPI / strawberry-graphql
pkg:pypi/strawberry-graphql
HIGH 8.0 PyPI
PYSEC-2024-171 · CVE-2024-47082, GHSA-79gp-q4wv-33fr Modified: 1/18/2025
HIGH 7.5 PyPI
PYSEC-2026-133 · CVE-2026-35523, GHSA-vpwc-v33q-mq89 Modified: 5/20/2026
HIGH 7.5 PyPI
PYSEC-2026-134 · CVE-2026-35526, GHSA-hv3w-m4g2-5x77 Modified: 5/20/2026
LOW 3.7 PyPI
GHSA-5xh2-23cc-5jc6 · CVE-2025-22151 Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Modified: 1/9/2025
MEDIUM 4.6 PyPI
GHSA-79gp-q4wv-33fr · CVE-2024-47082, PYSEC-2024-171 Cross-Site Request Forgery (CSRF) in strawberry-graphql
Modified: 1/21/2025
HIGH 7.5 PyPI
GHSA-hv3w-m4g2-5x77 · CVE-2026-35526, PYSEC-2026-134 strawberry-graphql: Denial of Service via unbounded WebSocket subscriptions
Modified: 5/20/2026
HIGH 7.5 PyPI
GHSA-vpwc-v33q-mq89 · CVE-2026-35523, PYSEC-2026-133 strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol
Modified: 5/20/2026
LOW 3.1 PyPI
GHSA-x97m-qp5c-w9xj · CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Modified: 5/19/2026