SQL Injection Affecting fraiseql package, versions [,1.4.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PYTHON-FRAISEQL-14172729
- published4 Dec 2025
- disclosed2 Dec 2025
- creditUnknown
Introduced: 2 Dec 2025
New CVE NOT AVAILABLE CWE-89 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade fraiseql to version 1.4.0 or higher.
Overview
fraiseql is a GraphQL for the LLM era. Simple. Powerful. Rust-fast. Production-ready GraphQL API framework for PostgreSQL with CQRS, JSONB optimization, and type-safe mutations
Affected versions of this package are vulnerable to SQL Injection due to missing validation of GraphQL context parameters that allows client-controlled authentication fields and SQL inputs to flow directly into PostgreSQL function calls. An attacker can inject arbitrary SQL, bypass authorization checks, and access or modify data belonging to other users.