Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/silverstripe/graphql@1.1.5
purl pkg:composer/silverstripe/graphql@1.1.5
Next non-vulnerable version 3.8.2
Latest non-vulnerable version 5.1.3
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-414d-7bfm-kud7
Aliases:
CVE-2021-28661
GHSA-r7rh-g777-g5gx
Incorrect Authorization Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
3.5.2
Affected by 1 other vulnerability.
VCID-ajga-3b99-yugh
Aliases:
CVE-2020-26136
GHSA-mg2g-8pwj-r2j2
Authentication bypass in SilverStripe GraphQL The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though. Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler
3.5.0
Affected by 3 other vulnerabilities.
3.6.0-alpha1
Affected by 1 other vulnerability.
4.0.0-alpha2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:32:00.408990+00:00 GitLab Importer Affected by VCID-414d-7bfm-kud7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml 38.4.0
2026-04-16T21:26:01.579208+00:00 GitLab Importer Affected by VCID-ajga-3b99-yugh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2020-26136.yml 38.4.0
2026-04-11T22:45:15.862547+00:00 GitLab Importer Affected by VCID-414d-7bfm-kud7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml 38.3.0
2026-04-11T22:38:51.440471+00:00 GitLab Importer Affected by VCID-ajga-3b99-yugh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2020-26136.yml 38.3.0
2026-04-02T22:55:11.945627+00:00 GitLab Importer Affected by VCID-414d-7bfm-kud7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml 38.1.0
2026-04-02T22:49:29.988995+00:00 GitLab Importer Affected by VCID-ajga-3b99-yugh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2020-26136.yml 38.1.0
2026-04-01T17:13:29.633997+00:00 GitLab Importer Affected by VCID-414d-7bfm-kud7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml 38.0.0
2026-04-01T17:07:25.410725+00:00 GitLab Importer Affected by VCID-ajga-3b99-yugh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2020-26136.yml 38.0.0