VulnerableCode Package Details - pkg:maven/com.graphql-java/graphql-java@0.0.0-2025-04-03T03-34-48-bfd7b46

Search for packages

Vulnerability	Summary	Fixed by
VCID-5z1v-pkb5-d7e7 Aliases: CVE-2024-40094 GHSA-h9mq-f6q5-6c8m	GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.	19.11 Affected by 0 other vulnerabilities. 20.9 Affected by 0 other vulnerabilities. 21.5 Affected by 0 other vulnerabilities.
VCID-7tre-pj2q-4ugh Aliases: CVE-2022-37734 GHSA-v62j-cxhh-fq22	graphql-java: DoS by malicious query	17.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 18.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gwdw-gqh8-sfan Aliases: CVE-2023-28867 GHSA-p4qx-6w5p-4rj2	GraphQL Java vulnerable to stack consumption In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4 and 17.5.	17.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 18.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 19.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 20.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-5z1v-pkb5-d7e7
Aliases:
CVE-2024-40094
GHSA-h9mq-f6q5-6c8m

GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

19.11
Affected by 0 other vulnerabilities.

20.9
Affected by 0 other vulnerabilities.

21.5
Affected by 0 other vulnerabilities.

VCID-7tre-pj2q-4ugh
Aliases:
CVE-2022-37734
GHSA-v62j-cxhh-fq22

graphql-java: DoS by malicious query

17.4
Affected by 2 other vulnerabilities.

18.3
Affected by 2 other vulnerabilities.

VCID-gwdw-gqh8-sfan
Aliases:
CVE-2023-28867
GHSA-p4qx-6w5p-4rj2

GraphQL Java vulnerable to stack consumption In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4 and 17.5.

17.5
Affected by 1 other vulnerability.

18.4
Affected by 1 other vulnerability.

19.4
Affected by 1 other vulnerability.

20.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:15:37.755657+00:00	GitLab Importer	Affected by	VCID-5z1v-pkb5-d7e7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2024-40094.yml	38.6.0
2026-06-06T03:37:17.250346+00:00	GitLab Importer	Affected by	VCID-gwdw-gqh8-sfan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2023-28867.yml	38.6.0
2026-06-06T02:49:36.495636+00:00	GitLab Importer	Affected by	VCID-7tre-pj2q-4ugh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2022-37734.yml	38.6.0