1233 matches found
PT-2025-52487
Name of the Vulnerable Software and Affected Versions Glutton V1 affected versions not specified Description The Glutton V1 service had exposed endpoints on Gotham stacks without authentication. This allowed users without proper permissions to directly access the Glutton backend, potentially...
CVE-2025-64530
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
Apollo Federation has Improper Enforcement of Access Control on Transitive Fields
Summary A vulnerability in Apollo Federation's composition logic did not enforce that fields depending on protected data through @requires and/or @fromContext directives have the same access control requirements as the fields they reference. This allowed queries to access protected fields...
GHSA-M8JR-FXQX-8XX6 Apollo Federation has Improper Enforcement of Access Control on Transitive Fields
Summary A vulnerability in Apollo Federation's composition logic did not enforce that fields depending on protected data through @requires and/or @fromContext directives have the same access control requirements as the fields they reference. This allowed queries to access protected fields...
EUVD-2025-197661
Apollo Federation has Improper Enforcement of Access Control on Transitive Fields...
Incorrect Authorization
Overview @apollo/composition is an Apollo Federation composition utilities Affected versions of this package are vulnerable to Incorrect Authorization via the composition logic, which failed to validate that fields have the same access control requirements as the data they reference. An attacker...
EUVD-2025-180542
@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields...
GHSA-MX7M-J9XF-62HW @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Summary A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...
@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Summary A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...
Authentication Bypass Using an Alternate Path or Channel
Overview @apollo/composition is an Apollo Federation composition utilities Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel. An attacker can gain unauthorized access to restricted interface types or fields by crafting queries that target...
CVE-2025-64530
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
CVE-2025-64530
The CVE describes a vulnerability in Apollo Federation’s composition logic: in versions prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1, queries could bypass access controls on interface types/fields by querying implementing object types/fields via inline fragments, due to user-defined access control ...
CVE-2025-64530 @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
CVE-2025-64530 @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
CVE-2025-64530 @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
EUVD-2025-180383
Malicious code in apollo-nodejs-helmet-loglevel npm...
EUVD-2025-180384
Malicious code in apollo-ini-grunt-radiant npm...
EUVD-2025-176232
Malicious code in standard-apollo-tardigrade-perseus npm...
EUVD-2025-176487
Malicious code in scripts-jabbah-apollo-phenomic npm...
EUVD-2025-180382
Malicious code in apollo-redgiant-kardashevscale-pino npm...