1. Support Center
  2. Issue Definitions
  3. GraphQL suggestions enabled

GraphQL suggestions enabled

Description: GraphQL suggestions enabled

GraphQL suggestions are an Apollo feature in which the server is configured to respond to invalid queries with suggestions for valid queries that have a similar syntax.

Suggestions can represent a significant security risk, as they enable attackers to glean information about a GraphQL schema even if introspection is disabled. By sending intentionally invalid queries and collating suggestions in responses, attackers can learn the names and structures of valid queries and mutations.

Remediation: GraphQL suggestions enabled

Ensure that you have disabled or otherwise masked error messages containing suggestions on your GraphQL server.


Vulnerability classifications

Typical severity


Type index (hex)


Type index (decimal)


Burp Scanner

This issue - and many more like it - can be found using our web vulnerability scanner

Read more

Get Burp

Scan your web application from just $449.00

Find out more