Search for packages
| purl | pkg:npm/graphql-playground-react@1.7.28 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-khfg-j5wd-j7hb | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. |
CVE-2021-41248
CVE-2021-41249 GHSA-59r9-6jp6-jcm7 GHSA-x4r7-m2q9-69c8 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-07T20:47:43.358587+00:00 | GHSA Importer | Fixing | VCID-khfg-j5wd-j7hb | https://github.com/advisories/GHSA-59r9-6jp6-jcm7 | 38.6.0 |
| 2026-06-04T17:32:56.321992+00:00 | GithubOSV Importer | Fixing | VCID-khfg-j5wd-j7hb | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-59r9-6jp6-jcm7/GHSA-59r9-6jp6-jcm7.json | 38.6.0 |
| 2026-06-02T04:40:21.489077+00:00 | GitLab Importer | Fixing | VCID-khfg-j5wd-j7hb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/graphql-playground-react/CVE-2021-41249.yml | 38.6.0 |