Vulnerability Database

322,732

Total vulnerabilities in the database

CVE-2021-47713

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

Published: Dec 22, 2025
Updated: Dec 27, 2025
CVE: CVE-2021-47713
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-770

Affected Software
References

Software	From	Fixed in
hasura / graphql_engine	1.3.3	1.3.3.x

https://github.com/hasura/graphql-engine
https://www.exploit-db.com/exploits/49789
https://www.vulncheck.com/advisories/hasura-graphql-denial-of-service-via-malicious-graphql-query

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo