Mercurius Project Mercurius — known CVE vulnerabilities
Every CVE whose affected-product data names Mercurius Project Mercurius, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-30241 — CVSS 8.2 (high): Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius fails to enforce the configured queryDepth limit on GraphQL…
CVE-2025-64166 — CVSS 5.4 (medium): Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The…
CVE-2023-22477 — CVSS 5.3 (medium): Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by…