GraphQL: A Practical Guide

Curated and synthesized by Carl Sampson. Last updated 2026-06-29. Synthesized from 102 of 102 curated resources. Browse all 102 GraphQL resources →

The GraphQL Attack Surface

GraphQL, a query language for APIs developed by Facebook, has gained significant traction due to its efficiency and flexibility in data fetching ^[1]^[2]^[3]. Unlike REST's multiple endpoints for various resources, GraphQL typically exposes a single endpoint where clients can precisely define the data they need in a single request ^[3]^[4]. This schema-driven approach, while powerful for developers, introduces a distinct set of security challenges and a unique attack surface. Understanding these vulnerabilities is critical for application security professionals tasked with defending these systems.

Core Mechanics of GraphQL Security Risks

At its heart, GraphQL's security risks stem from its inherent flexibility and the way it exposes data and operations. The core of this lies in the schema, which defines all available types, fields, queries, and mutations ^[1]. Without proper controls, this rich introspection capability can be a significant advantage for attackers ^[5]^[6].

The dynamic nature of GraphQL queries means that clients have a high degree of control over the data fetched. This can lead to issues like:

Excessive Query Complexity: Clients can craft deeply nested or highly recursive queries that can overwhelm server resources, leading to Denial of Service (DoS) conditions ^[7]^[8]^[9].
Data Exposure via Permissive Field Selection: The ability to select specific fields means that if authorization isn't granularly enforced at the field level, sensitive data can be inadvertently exposed ^[10].
Injection Attacks: As with any API accepting user input, GraphQL arguments are prime targets for injection attacks, including SQL, NoSQL, and command injection, if not properly validated and parameterized ^[11]^[12].
Broken Authorization and Authentication: GraphQL itself doesn't enforce authentication or authorization; these must be implemented within the application logic, often at the resolver level. Inconsistent implementation can lead to unauthorized access ^[13]^[14]^[10].
Abuse of Introspection: The introspection system, which exposes the API schema, is a critical reconnaissance tool for attackers if left enabled in production environments ^[15]^[16]^[2].
Batching and Aliasing Exploitation: Features like query batching and aliasing allow multiple operations in a single request, which can be abused to bypass rate limits, perform brute-force attacks, or contribute to DoS ^[17]^[18]^[19]^[12]^[20].

Notable Techniques and Vulnerabilities

A wide array of vulnerabilities have been documented targeting GraphQL APIs. Understanding these common attack vectors is paramount for effective security assessments.

Introspection Abuse

GraphQL introspection allows clients to query the schema, providing detailed metadata about types, fields, and operations ^[16]^[2]. When enabled in production, this feature provides attackers with a comprehensive map of the API's attack surface, including potential entry points for further exploitation ^[15]^[6]^[5]. Attackers can use tools like GraphQL Voyager to visualize the schema and identify high-value targets ^[16]^[2]. Even when introspection is disabled, field suggestions in error messages can aid schema reconstruction ^[21]^[2]^[3].

{
__schema {     types {       name       fields {         name       }     }   } }

Denial of Service (DoS) and Resource Exhaustion

GraphQL's flexibility in query construction can be a double-edged sword. Maliciously crafted queries can lead to significant resource consumption:

Deeply Nested Queries: Queries with excessive nesting or cyclical references force the server to perform numerous recursive calls, potentially exhausting resources ^[7]^[8]^[10]^[20]^[3]. Tools like graphql-depth-limit are used to mitigate this ^[22]^[11].
Query Complexity and Aliasing: Leveraging query complexity or the overuse of aliases can amplify the load on the server. An attacker can use aliases to make multiple requests for the same data with different arguments, effectively bypassing simple rate limiting or causing DoS ^[23]^[17]^[18]^[19]^[12]^[20].
Batching Attacks: The ability to batch multiple queries or mutations into a single HTTP request can be exploited to bypass rate limits, perform brute-force credential stuffing, or cause DoS by sending a large number of operations in one go ^[17]^[24]^[21]^[12]^[20]^[25]. For instance, a password reset mutation could be targeted with all possible PIN combinations within a single batched request ^[24]^[25].
Field Duplication: Including duplicate fields within a single query can also lead to increased server workload and potential DoS ^[12]^[20].

A specific example of a DoS vulnerability was found in HackerOne's account recovery flow due to mutation aliasing ^[23]. GitLab has also seen DoS vulnerabilities related to Duo AI features ^[26]^[27]. Apollo Compiler experienced a DoS vulnerability (CVE-2025-31496) due to named fragment expansion ^[28]^[29].

Authorization and Access Control Flaws

GraphQL APIs are susceptible to broken access control, a perennial OWASP Top Ten concern ^[13]^[10]^[30]^[9]. This can manifest in several ways:

Insecure Direct Object References (IDOR): If authorization checks are not properly implemented at the resolver level or when accessing objects via identifiers, attackers can access data belonging to other users or objects ^[31]^[32]^[30]^[33]^[2]^[34]^[35]. For example, simply incrementing a user or object ID in a query could reveal unauthorized data ^[10]^[2]^[3].
Authentication Bypass: Insufficient authentication controls can allow unauthenticated users to access protected queries or mutations. This has been observed in e-commerce platforms allowing unauthorized user creation or privilege escalation via GraphQL endpoints ^[13]^[36]^[33].
Field-Level Authorization Gaps: Even if higher-level access controls are in place, a lack of granular authorization on specific fields can lead to information disclosure. For instance, a user might be authorized to view their profile but still access sensitive hidden fields like role or passwordHash ^[14]^[10].

A vulnerability in GitLab allowed authenticated users to trigger Duo AI workflows under another user's identity due to improper user identity resolution ^[27].

Injection Attacks

As with any API accepting user-supplied input, GraphQL is vulnerable to various injection attacks. The risk is amplified when arguments are directly incorporated into backend queries or commands without proper sanitization or parameterization ^[11]^[12].

SQL/NoSQL Injection: Arguments passed to queries, especially those used in database operations, can be vulnerable. Operator injection, for example, can be used in ORMs like Prisma to alter query logic ^[37]^[12]^[11]. Exploiting parameterized queries in PostgreSQL can lead to local file reads ^[38].
Server-Side Request Forgery (SSRF): Fields that accept URLs as input are susceptible. Attackers can inject internal IP ranges or metadata endpoints to probe internal networks or exfiltrate cloud credentials ^[12]^[20]^[3].
Command Injection: If user input is used to construct system commands, command injection can occur ^[20]^[3].

Cross-Site Request Forgery (CSRF)

GraphQL APIs, especially those using cookies for authentication and accepting GET requests or non-JSON POST requests, can be vulnerable to CSRF. Attackers can trick users into performing unintended actions by embedding malicious GraphQL requests in other sites ^[39]^[40]^[21]^[41]^[42]^[43]^[44]^[45].

Other Vulnerabilities

Excessive Errors/Field Suggestions: Verbose error messages or field suggestions can leak schema information or hint at available fields, aiding attackers ^[12]^[4]^[20]^[3].
Local File Read: SQL injection in GraphQL endpoints can sometimes lead to local file read vulnerabilities, as seen with Hasura GraphQL ^[38].
Supply Chain Attacks: Compromised build pipelines can lead to malicious packages being published, affecting downstream consumers. This has impacted libraries like those from TanStack ^[46].

Detection and Prevention Strategies

Mitigating GraphQL vulnerabilities requires a multi-layered approach focusing on secure development practices, robust configuration, and continuous monitoring.

Secure Schema Design and Introspection Management

Disable Introspection in Production: Unless explicitly required for public APIs or specific developer tools, introspection should be disabled in production environments to prevent schema leakage ^[15]^[22]^[16]^[41]^[20]^[2]^[3]. If enabled, access should be strictly controlled via authentication and authorization ^[15]^[2].
Limit GraphiQL and Developer Tools: Similar to introspection, developer interfaces like GraphiQL should not be publicly accessible in production ^[16]^[20]^[2].
Schema Validation and Management: Regularly review and validate the GraphQL schema for potential security misconfigurations or unintended exposure of sensitive data ^[47].

Input Validation and Sanitization

Strict Input Validation: All arguments passed to queries and mutations must be strictly validated and sanitized to prevent injection attacks ^[11]^[12]^[20]. This includes using specific scalar types, enums, or custom validators ^[11].
Parameterized Queries/Prepared Statements: When integrating with databases, always use parameterized queries or prepared statements to avoid SQL/NoSQL injection, rather than string concatenation ^[37]^[12]^[11].
URL Validation for SSRF: For fields accepting URLs, implement strict validation and use allow-lists to prevent SSRF attacks ^[20]^[3].

Access Control Enforcement

Authentication and Authorization at the Resolver Level: Implement robust authentication mechanisms and granular authorization checks within resolvers. Ensure that every field and mutation enforces the necessary access controls based on user roles and permissions ^[13]^[14]^[48]^[10]^[30]^[33]^[2].
Contextual User Information: Pass authenticated user information (e.g., via JWTs) in the GraphQL context to make it accessible within resolvers for authorization decisions ^[14]^[48]^[49].
Deny by Default: Adopt a deny-by-default posture for access control, granting permissions only when explicitly authorized ^[13].

DoS and Resource Limiting

Query Depth and Complexity Limits: Implement limits on query depth and complexity to prevent resource exhaustion attacks ^[7]^[22]^[48]^[50]^[8]^[20]^[11]. Libraries like graphql-depth-limit and query cost analysis tools can assist ^[22]^[48]^[11].
Rate Limiting: Apply rate limiting to GraphQL endpoints, considering both the number of requests and potentially the complexity or cost of queries. This can be implemented using techniques like token buckets or by tracking request counts per user/IP ^[17]^[50]^[20]^[11].
Batching and Alias Restrictions: Configure limits on the number of operations allowed in batched requests or disable batching entirely for sensitive operations. Restrict the excessive use of aliases as well ^[17]^[18]^[19]^[12]^[20]^[11].
Timeouts: Implement timeouts on query execution and HTTP requests to prevent long-running or stalled operations from impacting server availability ^[22]^[48]^[11].

CSRF Protection

RESTful Endpoints and Request Methods: Ideally, GraphQL endpoints should only accept POST requests with a Content-Type: application/json header to mitigate CSRF risks ^[41]^[1]^[51].
CSRF Tokens: Implement standard CSRF protection mechanisms, especially for mutation operations ^[40]^[1].

Tooling for GraphQL Security Testing

A variety of specialized tools aid in the security assessment of GraphQL APIs:

GraphQLmap: A scripting engine for pentesting GraphQL endpoints, supporting introspection, fuzzing, and batching attacks ^[52]^[53]^[47].
InQL (Burp Extension): A Burp Suite extension for GraphQL security testing, offering schema analysis, query generation, and batch query capabilities ^[54]^[53]^[47]^[55]^[56]^[57].
GraphQL Voyager: A tool for visualizing GraphQL schemas, aiding in understanding complex relationships ^[58]^[16]^[2]^[53]^[47]^[35].
Clairvoyance/Clairvoyancex: Tools for recovering GraphQL schemas when introspection is disabled by analyzing field suggestions ^[58]^[21]^[53]^[47]^[59]^[25].
BatchQL: A script focused on auditing GraphQL APIs for batching attacks ^[24]^[21]^[59]^[25].
GraphQL Armor: A customizable security middleware for Apollo and Envelop servers ^[47].
GraphQL Cop / GraphQL Security: Utilities for running common security tests against GraphQL APIs, often within CI/CD pipelines ^[47].
GraphCrawler: An automated toolkit for GraphQL endpoint discovery, schema analysis, and basic vulnerability testing ^[60].
Burp Suite: With extensions like InQL and built-in scanner capabilities, Burp Suite is essential for manual and automated testing ^[54]^[55].
Damn Vulnerable GraphQL Application (DVGA): An intentionally vulnerable application designed for practicing GraphQL security testing ^[7]^[61].

Recent Developments

The GraphQL ecosystem continues to evolve, with ongoing efforts to enhance security. Recent developments highlight a focus on:

Automated Schema Analysis: Tools are becoming more sophisticated in schema discovery and vulnerability identification, even when introspection is disabled ^[21]^[53]^[47]^[60].
AI in Security: AI-driven approaches are being explored for detecting complex GraphQL vulnerabilities and automating parts of the security testing workflow ^[62]^[55].
Supply Chain Security: As seen with the TanStack incident, securing the development pipeline is crucial to prevent the distribution of malicious GraphQL-related packages ^[46].
Centralized Policy Enforcement: Platforms like Apollo GraphOS offer centralized policy enforcement points (e.g., in the router) for managing authorization and other security measures across a supergraph ^[63].

Where to Go Deeper

For those looking to deepen their expertise in GraphQL security, several resources are invaluable:

OWASP GraphQL Cheat Sheet: A comprehensive guide covering common attacks and best practices ^[11].
PortSwigger GraphQL Security Resources: Offers labs and articles detailing GraphQL vulnerabilities and testing methodologies ^[64]^[41].
Apollo GraphQL Documentation: Provides guidance on implementing authentication, authorization, and security best practices within Apollo Server and Router ^[14]^[48]^[49]^[65].
GitHub Repositories: Tools like GraphQLmap, InQL, BatchQL, and DVGA are essential for hands-on learning and testing ^[54]^[53]^[52]^[61]^[57].
Security Blogs and Writeups: Numerous security researchers and companies publish findings and guides on GraphQL vulnerabilities, offering practical insights into exploitation and mitigation ^[66]^[39]^[28]^[7]^[13]^[17]^[18]^[67]^[29]^[58]^[15]^[38]^[68]^[69]^[37]^[22]^[48]^[8]^[31]^[70]^[71]^[72]^[32]^[73]^[65]^[74]^[24]^[54]^[40]^[75]^[21]^[76]^[77]^[78]^[6]^[79]^[80]^[81]^[5]^[12]^[41]^[82]^[36]^[83]^[10]^[4]^[30]^[20]^[84]^[85]^[33]^[9]^[86]^[87]^[1]^[2]^[53]^[51]^[11]^[3]^[47]^[88]^[59]^[89]^[34]^[43]^[52]^[56]^[90]^[91]^[92]^[93]^[94]^[95]^[96]^[61]^[25]^[57]^[44]^[45]^[35].
Awesome GraphQL Security Lists: Curated lists on GitHub provide a centralized resource for tools, libraries, and articles related to GraphQL security ^[47].

Sources cited in this guide

GraphQL API Vulnerabilities, Common Attacks & Security Tips — vaadata.com
Hacking GraphQL Endpoints in Bug Bounty Programs | YesWeHack — yeswehack.com
GraphQL Security from a Pentester's Perspective | AFINE — afine.com
GraphQL API Vulnerabilities and Common Attacks — imperva.com
GraphQL Security Testing: Introspection Abuse, Injection, and DoS — redteamworldwide.com
Abusing GraphQL Introspection: A Gateway for Recon and Exploitation — infosecwriteups.com
Exploiting GraphQL Query Depth — checkmarx.com
Cyclic Queries and Depth Limiting (Escape) — escape.tech
GraphQL Security Testing Guide (2026) — levo.ai
GraphQL API Security Risks Every Developer Should Know — wiz.io
GraphQL Cheat Sheet | OWASP — cheatsheetseries.owasp.org
Hacking (and Securing) GraphQL — blog.arcjet.com
Exploiting Broken Authentication Control in GraphQL — praetorian.com
Authorization in GraphQL (Apollo) — apollographql.com
GraphQL Introspection Security: Lessons from the Parse Server Vulnerability — escape.tech
OWASP WSTG: Testing GraphQL — owasp.org
Didn't Notice Your Rate Limiting: GraphQL Batching Attack — checkmarx.com
Avoid GraphQL Denial-of-Service Attacks through Batching and Aliasing — escape.tech
DoS via Mutation Aliasing in GraphQL — HackerOne Disclosure — redpacketsecurity.com
GraphQL Security: 7 Common Vulnerabilities and Mitigations — tyk.io
Exploiting GraphQL (Assetnote Research) — assetnote.io
GraphQL Security: 9 Best Practices to Protect Your API (Escape) — escape.tech
How GraphQL Mutation Aliasing Led to a $12,500 DoS Bug in HackerOne’s Account Recovery Flow — infosecwriteups.com
BatchQL: GraphQL Security Auditing for Batch Attacks — github.com
Exploiting GraphQL — blog.assetnote.io
GitLab Patches Multiple Duo AI DoS and Authorization Flaws in Community and Enterprise Edition — cybersecuritynews.com
GitLab Patches Multiple Duo AI DoS and Authorisation Vulnerabilities — gbhackers.com
CVE-2025-31496: GraphQL Query Vulnerability in Apollo Compiler Leading to DoS — ameeba.com
Apollo Router Query Planner Excessive Resource Consumption via Named Fragment Expansion (CVE-2025-32034) — github.com
Exploiting Broken Access Control on GraphQL — vaadata.com
IDOR Vulnerability In GraphQL Api On inmobi.com — 1mirabbas.medium.com
GraphQL IDOR leads to information disclosure (Eshan Singh) — medium.com
GraphQL Security: How I Found and Exploited Critical IDOR and Authorization Bypass — infosecwriteups.com
GraphQL Introspection leads to Sensitive Data Disclosure. — medium.com
GraphQL IDOR leads to information disclosure - Eshan Singh - Medium — medium.com
How a GraphQL Bug Resulted in Authentication Bypass — hackerone.com
Prisma and PostgreSQL vulnerable to NoSQL injection? (Aikido) — aikido.dev
Hasura GraphQL 1.3.3 Local File Read via SQL Injection — vulncheck.com
CVE-2025-59845: CSRF Vulnerability in Apollo Studio Embeddable Explorer and Sandbox — ameeba.com
Exploiting CSRF in GraphQL Applications — fdzdev.medium.com
GraphQL API Vulnerabilities - PortSwigger — portswigger.net
Facebook GraphQL CSRF – These aren't the access_tokens you're looking for — philippeharewood.com
[TOKOPEDIA] SITE-WIDE CSRF THROUGH GRAPHQL REQUEST — rafiem.github.io
Facebook GraphQL CSRF – These aren't the access_tokens you're looking for — philippeharewood.com
[TOKOPEDIA] SITE-WIDE CSRF THROUGH GRAPHQL REQUEST — rafiem.github.io
TanStack npm Packages Hit by Mini Shai-Hulud — snyk.io
Escape-Technologies/awesome-graphql-security: A curated list of awesome GraphQL Security frameworks, libraries, software and resources — github.com
9 Ways To Secure your GraphQL API - Apollo Checklist — apollographql.com
Apollo Authentication and Authorization Docs — apollographql.com
Securing GraphQL API endpoints using rate limits and depth limits (LogRocket) — blog.logrocket.com
GraphQL | HackTricks — book.hacktricks.xyz
swisskyrepo/GraphQLmap: GraphQLmap is a scripting engine to interact with a — github.com
PayloadsAllTheThings - GraphQL Injection — github.com
InQL: Advanced GraphQL Security Testing Burp Extension — github.com
Teycir/BurpAPISecuritySuite: Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage. — github.com
br3akp0int/GQLParser: A repository for GraphQL Extension for Burp Suite — github.com
doyensec/graph-ql: GraphQL Security Research Material — github.com
PayloadsAllTheThings — GraphQL Injection — github.com
https://blog.assetnote.io/2021/08/29/exploiting-graphql/ — blog.assetnote.io
https://github.com/gsmith257-cyber/GraphCrawler — github.com
Damn Vulnerable GraphQL Application — github.com
DarkMoon AI-Powered Autonomous Penetration Testing Platform With 50 Tools — cybersecuritynews.com
Enforcing GraphQL security best practices with GraphOS — apollographql.com
GraphQL API Vulnerabilities Learning Path — PortSwigger — portswigger.net
Exploiting GraphQL for Penetration Testing (Raxis) — raxis.com
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED) — rapid7.com
API Threat Research: GraphQL Authorization Flaws in a FinTech Platform — salt.security
Discovering GraphQL endpoints and SQLi vulnerabilities — medium.com
HackerOne Report #435066: SQL injection in GraphQL endpoint — hackerone.com
Exploiting GraphQL: Complete Guide for Bug Bounty Hunters — medium.com
Exploiting GraphQL for fun and bounties (BugBase) — bugbase.ai
GraphQL for Bug Bounty (Mudhalai Mr) — medium.com
Bug Bounty: BAC in GraphQL (10 Major Vulns - Cloverleaf) — medium.com
Exploiting GraphQL Vulnerabilities: Misconfig to Data Leaks — dev.to
GraphQL Vulnerabilities Cheat Sheet — 0xn3va.gitbook.io
GraphQL Discovery: Pentesting 101 Guide — escape.tech
GraphQL Pentesting: Beginner's Guide to Advanced — medium.com
The Complete GraphQL Security Guide: Fixing the 13 Most Common Vulnerabilities — wundergraph.com
Exploiting GraphQL: A Full-Spectrum Security Assessment — kizerh.medium.com
Common Attacks on REST APIs and GraphQL APIs — medium.com
GraphQL API Security: Common Vulnerabilities and Exploits — medium.com
GraphQL Attacks and Vulnerabilities — beaglesecurity.com
Top GraphQL Security Vulnerabilities: Analyzing 1,500+ Endpoints — konghq.com
GraphQL Security Flaws and Exploitation — infosecwriteups.com
GraphQL Security Vulnerabilities Guide - SecPortal — secportal.io
GraphQL Security Complete Guide | Payload Playground — payloadplayground.com
GraphQL Vulnerabilities and Common Attacks Seen in the Wild | Imperva — imperva.com
GraphQL - Security Overview and Testing Tips · Doyensec's Blog — blog.doyensec.com
GraphQL introspection leads to sensitive data disclosure. — medium.com
doyensec/graph-ql: GraphQL Security Research Material — github.com
GraphQL - HackTricks — book.hacktricks.wiki
👩‍💻Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much… — infosecwriteups.com
Mastering GraphQL API Pentesting: The Ultimate Resource Guide — medium.com
Mastering the Realm of GraphQL Exploitation — medium.com
Slides: GraphQL Hacking — rashahacks.com
Favorite tweet by @harshbothra_ — twitter.com

📚 This guide is synthesized from the full text of resources curated in the GraphQL library, and refreshed as new material is added.