Search for packages
| purl | pkg:maven/com.graphql-java/graphql-java@18.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5z1v-pkb5-d7e7
Aliases: CVE-2024-40094 GHSA-h9mq-f6q5-6c8m |
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-gwdw-gqh8-sfan | GraphQL Java vulnerable to stack consumption In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4 and 17.5. |
CVE-2023-28867
GHSA-p4qx-6w5p-4rj2 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T05:15:39.305292+00:00 | GitLab Importer | Affected by | VCID-5z1v-pkb5-d7e7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2024-40094.yml | 38.6.0 |
| 2026-06-04T17:18:40.559399+00:00 | GithubOSV Importer | Fixing | VCID-gwdw-gqh8-sfan | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-p4qx-6w5p-4rj2/GHSA-p4qx-6w5p-4rj2.json | 38.6.0 |
| 2026-06-02T04:44:21.896916+00:00 | GitLab Importer | Fixing | VCID-gwdw-gqh8-sfan | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2023-28867.yml | 38.6.0 |