Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/graphql@3.0.2
Typecomposer
Namespacesilverstripe
Namegraphql
Version3.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.8.2
Latest_non_vulnerable_version5.1.3
Affected_by_vulnerabilities
0
url VCID-3t8k-6f9c-yue7
vulnerability_id VCID-3t8k-6f9c-yue7
summary 
Uncontrolled Resource Consumption
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40180
reference_id
reference_type
scores
0
value 0.006
scoring_system epss
scoring_elements 0.69876
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40180
1
reference_url https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries
2
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
3
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c
4
reference_url https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40180
reference_id CVE-2023-40180
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40180
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-40180
reference_id CVE-2023-40180
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://www.silverstripe.org/download/security-releases/CVE-2023-40180
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml
reference_id CVE-2023-40180.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml
8
reference_url https://github.com/advisories/GHSA-v23w-pppm-jh66
reference_id GHSA-v23w-pppm-jh66
reference_type
scores
url https://github.com/advisories/GHSA-v23w-pppm-jh66
9
reference_url https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66
reference_id GHSA-v23w-pppm-jh66
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:21:23Z/
url https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66
fixed_packages
0
url pkg:composer/silverstripe/graphql@3.8.2
purl pkg:composer/silverstripe/graphql@3.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.8.2
1
url pkg:composer/silverstripe/graphql@4.0.0-alpha1
purl pkg:composer/silverstripe/graphql@4.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.0-alpha1
2
url pkg:composer/silverstripe/graphql@4.1.3
purl pkg:composer/silverstripe/graphql@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fx1q-f6zv-1ka1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.1.3
3
url pkg:composer/silverstripe/graphql@4.2.5
purl pkg:composer/silverstripe/graphql@4.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fx1q-f6zv-1ka1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.2.5
4
url pkg:composer/silverstripe/graphql@4.3.0-rc1
purl pkg:composer/silverstripe/graphql@4.3.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fx1q-f6zv-1ka1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.0-rc1
5
url pkg:composer/silverstripe/graphql@4.3.4
purl pkg:composer/silverstripe/graphql@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fx1q-f6zv-1ka1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.3.4
6
url pkg:composer/silverstripe/graphql@5.0.0-alpha1
purl pkg:composer/silverstripe/graphql@5.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.0-alpha1
7
url pkg:composer/silverstripe/graphql@5.0.3
purl pkg:composer/silverstripe/graphql@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fx1q-f6zv-1ka1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.0.3
8
url pkg:composer/silverstripe/graphql@5.1.0-beta1
purl pkg:composer/silverstripe/graphql@5.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fx1q-f6zv-1ka1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@5.1.0-beta1
aliases CVE-2023-40180, GHSA-v23w-pppm-jh66
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3t8k-6f9c-yue7
1
url VCID-qmfy-dxag-uuex
vulnerability_id VCID-qmfy-dxag-uuex
summary 
Improper Authentication
In SilverStripe, GraphQL does not honour MFA (multi-factor authentication) when using basic authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44223
published_at 2026-06-05T12:55:00Z
1
value 0.00216
scoring_system epss
scoring_elements 0.44155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
reference_id CVE-2020-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26136
reference_id CVE-2020-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26136
8
reference_url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
reference_id GHSA-mg2g-8pwj-r2j2
reference_type
scores
url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
fixed_packages
0
url pkg:composer/silverstripe/graphql@3.5.0
purl pkg:composer/silverstripe/graphql@3.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3t8k-6f9c-yue7
1
vulnerability VCID-qmfy-dxag-uuex
2
vulnerability VCID-sg62-98yy-2kd7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.0
1
url pkg:composer/silverstripe/graphql@3.6.0-alpha1
purl pkg:composer/silverstripe/graphql@3.6.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3t8k-6f9c-yue7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.6.0-alpha1
2
url pkg:composer/silverstripe/graphql@4.0.0-alpha2
purl pkg:composer/silverstripe/graphql@4.0.0-alpha2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@4.0.0-alpha2
aliases CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmfy-dxag-uuex
2
url VCID-r1eg-dwej-5kau
vulnerability_id VCID-r1eg-dwej-5kau
summary 
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41982
published_at 2026-06-04T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42056
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
3
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
4
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
5
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
6
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12437
fixed_packages
0
url pkg:composer/silverstripe/graphql@3.1.2
purl pkg:composer/silverstripe/graphql@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3t8k-6f9c-yue7
1
vulnerability VCID-qmfy-dxag-uuex
2
vulnerability VCID-sg62-98yy-2kd7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.1.2
aliases CVE-2019-12437, GHSA-fx37-56v6-85q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau
3
url VCID-sg62-98yy-2kd7
vulnerability_id VCID-sg62-98yy-2kd7
summary 
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28661
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37842
published_at 2026-06-05T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37751
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28661
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
2
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
3
reference_url https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
4
reference_url https://github.com/silverstripe/silverstripe-graphql/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/releases
5
reference_url https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28661
reference_id CVE-2021-28661
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28661
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-28661
reference_id CVE-2021-28661
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-28661
8
reference_url https://github.com/advisories/GHSA-r7rh-g777-g5gx
reference_id GHSA-r7rh-g777-g5gx
reference_type
scores
url https://github.com/advisories/GHSA-r7rh-g777-g5gx
fixed_packages
0
url pkg:composer/silverstripe/graphql@3.5.2
purl pkg:composer/silverstripe/graphql@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3t8k-6f9c-yue7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.2
aliases CVE-2021-28661, GHSA-r7rh-g777-g5gx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.0.2