Strawberry Strawberry Graphql — known CVE vulnerabilities
Every CVE whose affected-product data names Strawberry Strawberry Graphql, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-35523 — CVSS 7.5 (high): Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on…
CVE-2026-35526 — CVSS 7.5 (high): Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both…
CVE-2026-47706 — CVSS 5.3 (medium): Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is…
CVE-2026-47707 — CVSS 5.3 (medium): Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in…
CVE-2026-45739 — CVSS 3.1 (low): Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template…