Product
hasura graphql engine
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-47748
CVE-2021-47715
CVE-2021-47714
CVE-2021-47713
CVE-2023-27588
CVE-2022-46792
CVE-2019-1020015
all versions
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands thro
all versions
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema
all versions
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection i
all versions
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicio
< 1.3.4
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered with
>= 2.10.0 and < 2.10.2
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed ver
< 1.0.0
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.