npm/mercurius — 4 CVEs

HIGH7.5CVE-2021-43801Uncaught Exception in mercurius

>= 8.10.0, < 8.11.2

MEDIUM5.4CVE-2025-64166Mercurius: Incorrect Content-Type parsing can lead to CSRF attack

from 0, < 16.4.0

MEDIUM5.3CVE-2023-22477mercurius has Uncaught Exception when using subscriptions

>= 9.0.0, < 11.5.0

—Mercurius's queryDepth limit bypassed for WebSocket subscriptions

from 0, < 16.8.0

pkg:npm/mercurius