Audit your GraphQL API for introspection leaks, injection, and query complexity attacks.
Overview
GraphQL APIs have security problems that REST-oriented scanners miss: a single endpoint that can hand out its whole schema through introspection, nested queries whose execution cost grows with depth, and user input that reaches resolvers through variables rather than the URL. Our scanner discovers GraphQL endpoints, tests whether introspection is enabled, checks that query depth and complexity are limited, and probes variables and arguments for injection.
What this scanner does
Discovers GraphQL endpoints, tests introspection queries, checks for query depth/complexity limits, tests for injection in variables and arguments, and verifies authentication on sensitive queries and mutations.
Why it matters
With introspection enabled, anyone who can reach the endpoint can download your complete schema: every type, field, argument and mutation, including the ones no client ever links to. Without depth and complexity limits, a single deeply nested or list-heavy query can consume enough CPU and memory to take the server down, a denial of service that needs no credentials. Variables and arguments that resolvers pass unescaped into SQL, NoSQL or shell commands are injectable exactly as in a REST API, and queries or mutations that skip authorization checks let a caller read or modify data that belongs to someone else. Note that disabling introspection is not access control: field-name suggestions in error messages still let an attacker reconstruct much of the schema, so the durable fix is authorization on every resolver.
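To make the three checks described in the Overview and Why it matters sections concrete, here is an added example in Python of the logic a scanner runs for each of them. It is not the vendor's scanner code; the depth counter, the nested test query, the JSON request body and the error-signature set are all this example's own, and the sample responses it classifies are constructed here. The only network function, probe(), takes an assumed endpoint URL and is not called.

```python
# Added example: the building blocks of an introspection check, a depth-limit
# check and a variable-injection check, run offline on constructed sample data.
import json
import re
import urllib.request
from typing import Optional

# Standard introspection query, trimmed. A server that answers it with
# data.__schema is handing out its full type system.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    types { name kind fields { name args { name } } }
  }
}
"""

def query_depth(query: str) -> int:
    """Maximum selection-set nesting of a GraphQL document, counting braces
    outside string literals, block strings and comments. The operation's own
    braces are level 1, so '{ user { posts { title } } }' has depth 3."""
    depth = max_depth = 0
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if query.startswith('"""', i):            # block string: skip to closing """
            end = query.find('"""', i + 3)
            i = n if end < 0 else end + 3
            continue
        if c == '"':                              # ordinary string literal
            i += 1
            while i < n and query[i] != '"':
                i += 2 if query[i] == '\\' else 1 # skip escaped character
        elif c == '#':                            # comment runs to end of line
            while i < n and query[i] != '\n':
                i += 1
        elif c == '{':
            depth += 1
            max_depth = max(max_depth, depth)
        elif c == '}':
            depth -= 1
        i += 1
    return max_depth

def nested_query(root: str, edge: str, levels: int, leaf: str = "id") -> str:
    """Self-referencing query a scanner sends to test a depth limit. Assumes the
    schema has a field (edge) that returns the same type it sits on, e.g. a
    user's friends. nested_query('user', 'friends', 2) has depth levels + 2."""
    body = leaf
    for _ in range(levels):
        body = f"{edge} {{ {body} }}"
    return f"{{ {root} {{ {body} }} }}"

def graphql_request(query: str, variables: Optional[dict] = None) -> bytes:
    """JSON body of a GraphQL POST. Injection payloads go in `variables`, not
    spliced into the query text: the document stays syntactically valid and the
    payload reaches the resolver unchanged, which is what the check needs."""
    return json.dumps({"query": query, "variables": variables or {}}).encode()

# Constructed payloads a scanner would place in string-typed variables.
INJECTION_PAYLOADS = ["'", "\" OR 1=1 --", "{\"$gt\": \"\"}"]

# Error fragments that surface when input reached a backend query unescaped.
# A small illustrative set, not an exhaustive signature list.
DB_ERROR_RE = re.compile(
    r"SQLSTATE|syntax error|unterminated quoted string|ORA-\d{5}|MongoError|"
    r"You have an error in your SQL syntax",
    re.IGNORECASE,
)

def introspection_enabled(response: dict) -> bool:
    """True when the introspection query returned the schema rather than an error."""
    return bool(((response.get("data") or {}).get("__schema") or {}).get("types"))

def depth_limit_enforced(response: dict) -> bool:
    """For a deliberately deep query: errors with no data means the server
    refused it; data coming back means it executed the whole thing."""
    return bool(response.get("errors")) and not response.get("data")

def looks_like_db_error(response: dict) -> bool:
    """True when any GraphQL error message carries a database error signature."""
    return any(DB_ERROR_RE.search(e.get("message", "")) for e in response.get("errors", []))

def probe(url: str, body: bytes) -> dict:
    """Send one GraphQL POST and parse the JSON reply (assumed endpoint; not called here)."""
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

# Constructed sample responses, as each check would see them.
SAMPLE_INTROSPECTION = {"data": {"__schema": {"types": [{"name": "User", "kind": "OBJECT"}]}}}
SAMPLE_INTROSPECTION_BLOCKED = {"errors": [{"message": "introspection is disabled"}]}
SAMPLE_DEPTH_REJECTED = {"errors": [{"message": "query exceeds maximum depth"}], "data": None}
SAMPLE_INJECTION_ERROR = {"data": None, "errors": [{"message": "SQLSTATE[42000]: Syntax error"}]}

if __name__ == "__main__":
    print("introspection leaked:", introspection_enabled(SAMPLE_INTROSPECTION))
    deep = nested_query("user", "friends", 20)
    print("test query depth:", query_depth(deep))
    print("depth limit enforced:", depth_limit_enforced(SAMPLE_DEPTH_REJECTED))
    print("db error leaked:", looks_like_db_error(SAMPLE_INJECTION_ERROR))
```

Against a live target, the scanner would send graphql_request(INTROSPECTION_QUERY), then nested_query() at increasing levels until the server either refuses or starts timing out, and finally graphql_request(query, {"q": payload}) for each payload, classifying the replies with the three predicate functions. A server that returns data for a depth-20 query has no effective depth limit even if the request is slow.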
Common findings
OWASP Top 10 coverage
Get a full security report with AI-powered fix suggestions in 30 seconds. No setup required.
Related checks
Vulnerability Detection: Detect SQL injection vulnerabilities in your web application before attackers exploit them.
Vulnerability Detection: Detect exposed API keys, tokens, and secrets in your frontend code and responses.
Vulnerability Detection: Test form fields and API inputs for proper validation and sanitization.