2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +216 more potentially affected by CVE-2025-32030 via @apollo/gateway (>=0.10.4 <=2.10.0)
@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more. Source CVEs: CVE-2025-32030. Source advisory: OSV:GHSA-Q2F9-X4P4-7XMH...
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Impact. Summary: A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details: Named fragment...
GHSA-3J43-9V8V-CP3F Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
Impact. Summary: A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service. Details: Named fragments were being processed...
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
Impact. Summary: A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service. Details: Named fragments were being processed...
inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2025-32380 via apollo-router (=1.2.1)
apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: inigo-rs =0.1.5, =0.27.8. Source CVEs: CVE-2025-32380. Source advisory: OSV:GHSA-3J43-9V8V-CP3F...
GHSA-84M6-5M72-45FP Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow
Impact. Summary: A vulnerability in Apollo Router allowed certain queries to bypass configured operation limits, specifically due to integer overflow. Details: The operation limits plugin uses unsigned 32-bit integers to track limit counters, e.g. for a query's height. If a counter exceeded the maxim...
inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2025-32033 via apollo-router (=1.2.1)
apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: inigo-rs =0.1.5, =0.27.8. Source CVEs: CVE-2025-32033. Source advisory: OSV:GHSA-84M6-5M72-45FP...
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow
Impact. Summary: A vulnerability in Apollo Router allowed certain queries to bypass configured operation limits, specifically due to integer overflow. Details: The operation limits plugin uses unsigned 32-bit integers to track limit counters, e.g. for a query's height. If a counter exceeded the maxim...
GHSA-75M2-JHH5-J5G2 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Impact. Summary: A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details: Named fragments...
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Impact. Summary: A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details: Named fragments...
inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2025-32034 via apollo-router (=1.2.1)
apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: inigo-rs =0.1.5, =0.27.8. Source CVEs: CVE-2025-32034. Source advisory: OSV:GHSA-75M2-JHH5-J5G2...
inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2025-32032 via apollo-router (=1.2.1)
apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: inigo-rs =0.1.5, =0.27.8. Source CVEs: CVE-2025-32032. Source advisory: OSV:GHSA-94HH-JMQ8-2FGP...
GHSA-94HH-JMQ8-2FGP Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact. Summary: A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact. Summary: A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
Apollo Router Core Security Vulnerability
Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core that stems from a query optimization bypass that could lead to a denial of service...
PT-2025-15295 · Unknown · Apollo Gateway
Name of the Vulnerable Software and Affected Versions: Apollo Gateway versions prior to 2.10.1. Description: A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, due to internal optimizations being frequently...
PT-2025-15298 · Unknown · Apollo Router Core
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2; Apollo Router Core versions prior to 2.1.1. Description: The issue concerns a vulnerability in the Apollo Router Core that allows queries with deeply nested and reused named fragments to be...
PT-2025-15297 · Unknown · Apollo Router Core
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2; Apollo Router Core versions prior to 2.1.1. Description: The issue arises from the operation limits plugin using unsigned 32-bit integers to track limit counters, such as a query's height. If a count...
Apollo Federation Security Vulnerability
Apollo Federation is an architecture for the Apollo community to declaratively combine APIs into a unified graph. A security vulnerability exists in Apollo Federation versions prior to 2.10.1, which stems from improper handling of fragment extensions and could lead to a denial of service...
PT-2025-15293 · Unknown · Apollo-Compiler
Name of the Vulnerable Software and Affected Versions: apollo-compiler versions prior to 1.27.0. Description: The issue concerns a query-based compiler for the GraphQL query language. Prior to version 1.27.0, a vulnerability allowed queries with deeply nested and reused named fragments to be...