Every CVE whose affected-product data names Hasura Graphql Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-47748 — CVSS 9.8 (critical): Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL…
CVE-2022-46792 — CVSS 8.8 (high): Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are…
CVE-2023-27588 — CVSS 7.5 (high): Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura…
CVE-2021-47713 — CVSS 7.5 (high): Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious…
CVE-2019-1020015 — CVSS 7.5 (high): graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
CVE-2021-47714 — CVSS 5.5 (medium): Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the…
CVE-2021-47715 — CVSS 5.3 (medium): Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs…