pkg:npm/mercurius

4 total CVEsHIGH1MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • HIGH7.5CVE-2021-43801Uncaught Exception in mercurius
    >= 8.10.0, < 8.11.2
  • MEDIUM5.4CVE-2025-64166Mercurius: Incorrect Content-Type parsing can lead to CSRF attack
    from 0, < 16.4.0
  • MEDIUM5.3CVE-2023-22477mercurius has Uncaught Exception when using subscriptions
    >= 9.0.0, < 11.5.0
  • CVE-2026-30241Mercurius's queryDepth limit bypassed for WebSocket subscriptions
    from 0, < 16.8.0