Overview · strawberry-graphql/strawberry · GitHub

Security

Report a vulnerability

.github/SECURITY.md

Security contact information

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol
GHSA-vpwc-v33q-mq89 published Apr 4, 2026 by patrick91

High
Denial of Service via unbounded WebSocket subscriptions
GHSA-hv3w-m4g2-5x77 published Apr 4, 2026 by patrick91

High
Type resolution vulnerability in node interface allows potential data leakage through incorrect type resolution
GHSA-5xh2-23cc-5jc6 published Jan 9, 2025 by patrick91

Low
Cross-Site Request Forgery (CSRF) in strawberry-graphql
GHSA-79gp-q4wv-33fr published Sep 25, 2024 by patrick91

Moderate

Learn more about advisories related to strawberry-graphql/strawberry in the GitHub Advisory Database