CVE-2025-27407 - Remote Code Execution in graphql-ruby via `from_introspection` Schema Loading
A critical vulnerability was discovered in graphql-ruby, the popular Ruby library for implementing GraphQL APIs. If your application uses certain versions of graphql-ruby, attackers could
CVE-2025-27097 - Variable Caching Flaw in GraphQL Mesh Federation Gateway Leads to Memory Leak and Token Replay
Published: June 2024
TL;DR
A security vulnerability in GraphQL Mesh (CVE-2025-27097) affects applications using GraphQL Mesh as a federation gateway. When using transforms at
CVE-2025-27098 - Static File Path Traversal Vulnerability in GraphQL Mesh – Details, Exploit, and How to Fix
GraphQL Mesh is a powerful gateway and federation framework that gives you the flexibility to connect not just GraphQL subgraphs, but also REST APIs, gRPC
CVE-2025-22151 - Type Confusion in Strawberry GraphQL Relay Integration Leads to Data Leaks and Privilege Escalation
Strawberry GraphQL is a popular Python library for building GraphQL APIs. It's widely adopted and integrates smoothly with Django, SQLAlchemy, Pydantic, and other
CVE-2024-8116 - Exploiting GitLab GraphQL to Leak Branch Names Without Authorization
A new security issue, CVE-2024-8116, was discovered in multiple versions of GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability lets unauthorized users use