Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/graphiql@1.4.1
Typenpm
Namespace
Namegraphiql
Version1.4.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.4.7
Latest_non_vulnerable_version1.4.7
Affected_by_vulnerabilities
0
url VCID-khfg-j5wd-j7hb
vulnerability_id VCID-khfg-j5wd-j7hb
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41248
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.60965
published_at 2026-06-05T12:55:00Z
1
value 0.00398
scoring_system epss
scoring_elements 0.60972
published_at 2026-06-06T12:55:00Z
2
value 0.00398
scoring_system epss
scoring_elements 0.60916
published_at 2026-06-04T12:55:00Z
3
value 0.00398
scoring_system epss
scoring_elements 0.60944
published_at 2026-06-08T12:55:00Z
4
value 0.00398
scoring_system epss
scoring_elements 0.6096
published_at 2026-06-09T12:55:00Z
5
value 0.00398
scoring_system epss
scoring_elements 0.60961
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41248
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41249
reference_id
reference_type
scores
0
value 0.00362
scoring_system epss
scoring_elements 0.58669
published_at 2026-06-05T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58653
published_at 2026-06-08T12:55:00Z
2
value 0.00362
scoring_system epss
scoring_elements 0.58668
published_at 2026-06-09T12:55:00Z
3
value 0.00362
scoring_system epss
scoring_elements 0.58622
published_at 2026-06-04T12:55:00Z
4
value 0.00362
scoring_system epss
scoring_elements 0.58675
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41249
2
reference_url https://github.com/graphql/graphiql
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphiql
3
reference_url https://github.com/graphql/graphiql/blob/main/docs/security/2021-introspection-schema-xss.md#2-more-details-on-the-vulnerability
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphiql/blob/main/docs/security/2021-introspection-schema-xss.md#2-more-details-on-the-vulnerability
4
reference_url https://github.com/graphql/graphiql/commit/6701b0b626e43800e32413590a295e5c1e3d5419#diff-d45eb76aebcffd27d3a123214487116fa95e0b5a11d70a94a0ce3033ce09f879R110
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphiql/commit/6701b0b626e43800e32413590a295e5c1e3d5419#diff-d45eb76aebcffd27d3a123214487116fa95e0b5a11d70a94a0ce3033ce09f879R110
5
reference_url https://github.com/graphql/graphiql/commit/b9dec272d89d9c590727fd10d62e4a47e0317fc7#diff-855b77f6310b7e4fb1bcac779cd945092ed49fd759f4684ea391b45101166437R87
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphiql/commit/b9dec272d89d9c590727fd10d62e4a47e0317fc7#diff-855b77f6310b7e4fb1bcac779cd945092ed49fd759f4684ea391b45101166437R87
6
reference_url https://github.com/graphql/graphiql/commit/cb237eeeaf7333c4954c752122261db7520f7bf4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphiql/commit/cb237eeeaf7333c4954c752122261db7520f7bf4
7
reference_url https://github.com/graphql/graphql-playground
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphql-playground
8
reference_url https://github.com/graphql/graphql-playground/commit/b8a956006835992f12c46b90384a79ab82bcadad
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphql-playground/commit/b8a956006835992f12c46b90384a79ab82bcadad
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41248
reference_id CVE-2021-41248
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41248
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41249
reference_id CVE-2021-41249
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41249
11
reference_url https://github.com/advisories/GHSA-59r9-6jp6-jcm7
reference_id GHSA-59r9-6jp6-jcm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59r9-6jp6-jcm7
12
reference_url https://github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7
reference_id GHSA-59r9-6jp6-jcm7
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7
13
reference_url https://github.com/advisories/GHSA-x4r7-m2q9-69c8
reference_id GHSA-x4r7-m2q9-69c8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4r7-m2q9-69c8
14
reference_url https://github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8
reference_id GHSA-x4r7-m2q9-69c8
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8
fixed_packages
0
url pkg:npm/graphiql@1.4.7
purl pkg:npm/graphiql@1.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/graphiql@1.4.7
aliases CVE-2021-41248, CVE-2021-41249, GHSA-59r9-6jp6-jcm7, GHSA-x4r7-m2q9-69c8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khfg-j5wd-j7hb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/graphiql@1.4.1