pkg:npm/@payloadcms/graphql

3 total CVEsCRITICAL1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.1CVE-2026-34751Payload: Pre-Authentication Account Takeover via Parameter Injection in Password Recovery
    from 0, < 3.79.1
  • CVE-2025-4644Payload's SQLite adapter Session Fixation vulnerability
    from 0, < 3.44.0
  • CVE-2025-4643Payload does not invalidate JWTs after log out
    from 0, < 3.44.0