Is strawberry-graphql affected by CVE-2025-22151?

PyPI strawberry-graphql is affected in >=0.182.0 <0.257.0.

Is CVE-2025-22151 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

low

CVE-2025-22151

Q: Is CVE-2025-22151 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

PyPI · strawberry-graphql

Summary

Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

Severity: low
EPSS: 0.4% (p28)
Also known as: GHSA-5xh2-23cc-5jc6
Published: 2025-01-09

References

https://github.com/strawberry-graphql/strawberry/security/advisories/GHSA-5xh2-23cc-5jc6
https://nvd.nist.gov/vuln/detail/CVE-2025-22151
https://github.com/strawberry-graphql/strawberry/commit/526eb82b70451c0e59d5a71ae9b7396f59974bd8

Related advisories

CVE-2026-35523 — high · PyPI/strawberry-graphql
CVE-2026-35526 — high · PyPI/strawberry-graphql
CVE-2026-47707 — medium · PyPI/strawberry-graphql
CVE-2026-47706 — medium · PyPI/strawberry-graphql

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.