VYPR

NuGet package

hotchocolate.language

pkg:nuget/hotchocolate.language

Vulnerabilities (1)

  • CVE-2026-40324CriApr 18, 2026
    affected < 12.22.7fixed 12.22.7

    Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list va