pkg:npm/@payloadcms/graphql

All known vulnerabilities

• CRITICAL9.1CVE-2026-34751Payload: Pre-Authentication Account Takeover via Parameter Injection in Password Recovery
  from 0, < 3.79.1
• —CVE-2025-4644Payload's SQLite adapter Session Fixation vulnerability
  from 0, < 3.44.0
• —CVE-2025-4643Payload does not invalidate JWTs after log out
  from 0, < 3.44.0