VulnerableCode Package Details - pkg:composer/silverstripe/graphql@2.0.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-414d-7bfm-kud7 Aliases: CVE-2021-28661 GHSA-r7rh-g777-g5gx	Incorrect Authorization Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.	3.5.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ajga-3b99-yugh Aliases: CVE-2020-26136 GHSA-mg2g-8pwj-r2j2	Authentication bypass in SilverStripe GraphQL The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though. Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler	3.5.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.6.0-alpha1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.0.0-alpha2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-414d-7bfm-kud7
Aliases:
CVE-2021-28661
GHSA-r7rh-g777-g5gx

Incorrect Authorization Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.

3.5.2
Affected by 1 other vulnerability.

VCID-ajga-3b99-yugh
Aliases:
CVE-2020-26136
GHSA-mg2g-8pwj-r2j2

Authentication bypass in SilverStripe GraphQL The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though. Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler

3.5.0
Affected by 3 other vulnerabilities.

3.6.0-alpha1
Affected by 1 other vulnerability.

4.0.0-alpha2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cdgj-bdpy-ukak	Cross-Site Request Forgery (CSRF) Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.	CVE-2019-12437 GHSA-fx37-56v6-85q6

Vulnerability

Summary

Aliases

VCID-cdgj-bdpy-ukak

Cross-Site Request Forgery (CSRF) Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.

CVE-2019-12437
GHSA-fx37-56v6-85q6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:32:00.431206+00:00	GitLab Importer	Affected by	VCID-414d-7bfm-kud7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml	38.4.0
2026-04-16T21:26:01.603242+00:00	GitLab Importer	Affected by	VCID-ajga-3b99-yugh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2020-26136.yml	38.4.0
2026-04-16T20:55:18.008744+00:00	GitLab Importer	Fixing	VCID-cdgj-bdpy-ukak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2019-12437.yml	38.4.0
2026-04-11T22:45:15.889158+00:00	GitLab Importer	Affected by	VCID-414d-7bfm-kud7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml	38.3.0
2026-04-11T22:38:51.466397+00:00	GitLab Importer	Affected by	VCID-ajga-3b99-yugh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2020-26136.yml	38.3.0
2026-04-11T22:06:17.194928+00:00	GitLab Importer	Fixing	VCID-cdgj-bdpy-ukak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2019-12437.yml	38.3.0
2026-04-04T14:32:29.751957+00:00	GHSA Importer	Fixing	VCID-cdgj-bdpy-ukak	https://github.com/advisories/GHSA-fx37-56v6-85q6	38.1.0
2026-04-02T22:55:11.969488+00:00	GitLab Importer	Affected by	VCID-414d-7bfm-kud7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml	38.1.0
2026-04-02T22:49:30.011804+00:00	GitLab Importer	Affected by	VCID-ajga-3b99-yugh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2020-26136.yml	38.1.0
2026-04-02T22:19:06.952383+00:00	GitLab Importer	Fixing	VCID-cdgj-bdpy-ukak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2019-12437.yml	38.1.0
2026-04-01T17:13:29.660518+00:00	GitLab Importer	Affected by	VCID-414d-7bfm-kud7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2021-28661.yml	38.0.0
2026-04-01T17:07:25.437214+00:00	GitLab Importer	Affected by	VCID-ajga-3b99-yugh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2020-26136.yml	38.0.0
2026-04-01T13:08:05.128061+00:00	GithubOSV Importer	Fixing	VCID-cdgj-bdpy-ukak	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fx37-56v6-85q6/GHSA-fx37-56v6-85q6.json	38.0.0
2026-04-01T12:48:31.448338+00:00	GitLab Importer	Fixing	VCID-cdgj-bdpy-ukak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/graphql/CVE-2019-12437.yml	38.0.0