CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/25 7:9 a.m.•5 views

Malicious Package

Overview apollo-vertex is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/25 7:9 a.m.•3 views

Malicious Package

Overview apollo-landing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/12 3:27 a.m.•5 views

Malicious code in @uipath/apollo-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef4195af9b94b5185e9243c35beefab6d9cf593b7b51e5de55aa5289336ff5f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

vulnersOsv•added 2026/05/12 3:27 a.m.•5 views

@uipath/ap-chat (=1.5.6), @uipath/apollo-react (>=3.64.0 <=4.24.2) +1 more potentially affected by unknown CVE via @uipath/apollo-wind (>=2.0.0 <=2.16.1)

@uipath/apollo-wind NPM version =2.0.0, =3.64.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3533...

vulnersOsv•added 2026/05/12 3:26 a.m.•4 views

@uipath/ap-chat (=1.5.6) potentially affected by unknown CVE via @uipath/apollo-react (=4.24.2)

@uipath/apollo-react NPM version =4.24.2 is affected by a known vulnerability. The following packages have a transitive dependency on @uipath/apollo-react and may be impacted: - @uipath/ap-chat =1.5.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3532...

OSSF Malicious Packages•added 2026/05/12 3:26 a.m.•8 views

Malicious code in @uipath/apollo-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

vulnersOsv•added 2026/05/12 3:26 a.m.•7 views

@uipath/ap-chat (>=1.4.6 <=1.5.6), @uipath/apollo-react (>=3.26.1 <=4.24.2) +4 more potentially affected by unknown CVE via @uipath/apollo-core (>=5.6.2 <=5.9.1)

@uipath/apollo-core NPM version =5.6.2, =1.4.6, =3.26.1, =0.7.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3531...

OSV•added 2026/05/12 3:26 a.m.•2 views

MAL-2026-3531 Malicious code in @uipath/apollo-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94aed6ca418c20be592feb819ad0ca041b5174750fb7f616d309cf6638448202 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/12 3:26 a.m.•3 views

Malicious code in @uipath/apollo-core (npm)

Veracode•added 2026/05/08 7:45 a.m.•7 views

Improper Access Control

Apollo Federation is vulnerable to improper access control. The vulnerability is due to improper enforcement of user-defined access control directives on interface types and fields, which allows an attacker to bypass access restrictions by querying implementing object types and fields through...

7.5CVSS5.8AI score0.00139EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/25 5:55 p.m.•0 views

MAL-2026-3040 Malicious code in apollo-vertex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea184ad5469def11090bb56f964419126c2f809ebce868fae9f5f88e0a641ccf The package apollo-vertex was found to contain malicious code. Source: ghsa-malware 8569a9d8f7822b4c1ca08fbd1d1860baca28935523892e344f2839845485541c...

OSSF Malicious Packages•added 2026/04/25 5:55 p.m.•7 views

Malicious code in apollo-vertex (npm)

OSV•added 2026/04/25 5:35 p.m.•3 views

MAL-2026-3038 Malicious code in apollo-landing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47cb6abcb11f6d62fb52ef331d93bf4c2d5faacb9a4f91386aa6fb06e03b7bef The package apollo-landing was found to contain malicious code. Source: ghsa-malware ed937449ad5ded3d0430063ec8da96faa5c685d89f612418710856e92d1b6438...

OSSF Malicious Packages•added 2026/04/25 5:35 p.m.•6 views

Malicious code in apollo-landing (npm)

vulnersOsv•added 2026/04/16 10:34 p.m.•3 views

2mxdev-gql-gateway (=1.0.0), 4m-node-server (>=0.0.1 <=0.0.8) +2866 more potentially affected by CVE-2026-41242 via @apollo/protobufjs (>=1.1.0 <=1.2.7)

@apollo/protobufjs NPM version =1.1.0, =0.0.1, =1.0.2, =3.10.1, =1.2.0-pre.24, =1.0.1, =1.0.0, =1.0.0, =0.5.0, =1.0.0, =0.0.1, =0.1.1, =0.0.1, =1.0.7, =1.0.17 and more Source cves: CVE-2026-41242 Source advisory: SNYK:JS-APOLLOPROTOBUFJS-16321047...

9.8CVSS6AI score0.00026EPSS

Exploits1

RedhatCVE•added 2026/04/13 7:23 p.m.•2 views

CVE-2026-35577

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

8.1CVSS5.8AI score0.00027EPSS