VulnerableCode Package Details - pkg:maven/com.graphql-java/graphql-java@6.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-gy1e-a34n-ryh7 Aliases: CVE-2023-28867 GHSA-p4qx-6w5p-4rj2	In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.	17.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 18.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 19.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 20.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-rr5x-7fmw-vqb8 Aliases: CVE-2024-40094 GHSA-h9mq-f6q5-6c8m	GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.	19.11 Affected by 0 other vulnerabilities. 20.9 Affected by 0 other vulnerabilities. 21.5 Affected by 0 other vulnerabilities.
VCID-s7ws-qts8-v7a3 Aliases: CVE-2022-37734 GHSA-v62j-cxhh-fq22	graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources	17.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 18.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gy1e-a34n-ryh7
Aliases:
CVE-2023-28867
GHSA-p4qx-6w5p-4rj2

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.

17.5
Affected by 1 other vulnerability.

18.4
Affected by 1 other vulnerability.

19.4
Affected by 1 other vulnerability.

20.1
Affected by 1 other vulnerability.

VCID-rr5x-7fmw-vqb8
Aliases:
CVE-2024-40094
GHSA-h9mq-f6q5-6c8m

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

19.11
Affected by 0 other vulnerabilities.

20.9
Affected by 0 other vulnerabilities.

21.5
Affected by 0 other vulnerabilities.

VCID-s7ws-qts8-v7a3
Aliases:
CVE-2022-37734
GHSA-v62j-cxhh-fq22

graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources

17.4
Affected by 2 other vulnerabilities.

18.3
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T09:20:45.803156+00:00	GHSA Importer	Affected by	VCID-gy1e-a34n-ryh7	https://github.com/advisories/GHSA-p4qx-6w5p-4rj2	38.6.0
2026-06-12T19:36:01.730583+00:00	GitLab Importer	Affected by	VCID-rr5x-7fmw-vqb8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2024-40094.yml	38.6.0
2026-06-12T18:50:40.880055+00:00	GitLab Importer	Affected by	VCID-gy1e-a34n-ryh7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2023-28867.yml	38.6.0
2026-06-12T18:31:29.158820+00:00	GitLab Importer	Affected by	VCID-s7ws-qts8-v7a3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.graphql-java/graphql-java/CVE-2022-37734.yml	38.6.0