VYPR

Packagist (Composer) package

webonyx/graphql-php

pkg:composer/webonyx/graphql-php

Vulnerabilities (1)

  • CVE-2026-40476HigApr 17, 2026
    affected < 15.31.5fixed 15.31.5

    graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, ca