VulnerableCode Package Details - pkg:maven/com.graphql-java/graphql-java@20.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-5z1v-pkb5-d7e7 Aliases: CVE-2024-40094 GHSA-h9mq-f6q5-6c8m	GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.	20.9 Affected by 0 other vulnerabilities. 21.5 Affected by 0 other vulnerabilities.
VCID-gwdw-gqh8-sfan Aliases: CVE-2023-28867 GHSA-p4qx-6w5p-4rj2	GraphQL Java vulnerable to stack consumption In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4 and 17.5.	20.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-5z1v-pkb5-d7e7
Aliases:
CVE-2024-40094
GHSA-h9mq-f6q5-6c8m

GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

20.9
Affected by 0 other vulnerabilities.

21.5
Affected by 0 other vulnerabilities.

VCID-gwdw-gqh8-sfan
Aliases:
CVE-2023-28867
GHSA-p4qx-6w5p-4rj2

GraphQL Java vulnerable to stack consumption In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4 and 17.5.

20.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-07T20:48:44.058813+00:00	GHSA Importer	Affected by	VCID-gwdw-gqh8-sfan	https://github.com/advisories/GHSA-p4qx-6w5p-4rj2	38.6.0
2026-06-05T21:46:43.455864+00:00	GHSA Importer	Affected by	VCID-5z1v-pkb5-d7e7	https://github.com/advisories/GHSA-h9mq-f6q5-6c8m	38.6.0
2026-06-04T17:18:40.683617+00:00	GithubOSV Importer	Affected by	VCID-gwdw-gqh8-sfan	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-p4qx-6w5p-4rj2/GHSA-p4qx-6w5p-4rj2.json	38.6.0
2026-06-04T16:22:06.087259+00:00	GitLab Importer	Affected by	VCID-5z1v-pkb5-d7e7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2024-40094.yml	38.6.0
2026-06-02T04:44:21.864351+00:00	GitLab Importer	Affected by	VCID-gwdw-gqh8-sfan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2023-28867.yml	38.6.0