PT-2026-6185
Name of the Vulnerable Software and Affected Versions: Apollo Server versions 2.0.0 through 3.13.0; Apollo Server versions 4.2.0 through 4.13.0; Apollo Server versions 5.0.0 through 5.4.0. Description: Apollo Server, a GraphQL server, is susceptible to denial of service (DoS) attacks. This occurs due to...
PT-2026-6451
Impact: The default configuration of startStandaloneServer from @apollo/server/standalone is vulnerable to Denial of Service (DoS) attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use @apollo/server as a dependency for...
@apollo/server security vulnerability
@apollo/server is a JavaScript code package open-sourced by Apollo GraphQL. Versions prior to 3.13.0, 4.13.0, and 5.4.0 of @apollo/server contain security vulnerabilities. These vulnerabilities stem from improper handling of encoded requests using special character sets in the default...
MAL-2026-668 Malicious code in typescript-react-apollo (npm)
Source: amazon-inspector 54ad53847415b01595a09cd7ec959129e610fe93b14b7f3ea880816bee2c8e97 The package typescript-react-apollo was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview typescript-react-apollo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
CVE-2025-68609
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible...
CVE-2025-68609 Authentication bypass in Aries due to misconfiguration
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible...
CVE-2025-68609
The connected records confirm CVE-2025-68609 affects Palantir’s Aries service running on Apollo instances, with unauthenticated access to log viewing/management when default configuration is used. The root issue is a bypass of authentication and authorization checks, potentially enabling any netw...
PT-2026-4275
Name of the Vulnerable Software and Affected Versions: Palantir Apollo Aries Service (affected versions not specified). Description: A flaw exists in Palantir's Aries service that permitted unauthenticated access to log viewing and management features on Apollo instances when using the default...
5gasp-cli (>=0.1.0 <=0.4.0), ablator (=0.0.1b3) +353 more potentially affected by CVE-2026-22702 via virtualenv (>=12.1.1 <=20.35.4)
virtualenv (PyPI) versions =12.1.1, =0.1.0, =2.0.1, =0.0.2, =0.1.0, =0.0.1a0, =0.2.0, =0.6.1.91, =1.5.0, =2024.7.4, =0.8.3b20230820, =0.8.3b20231012, =1.0.1b20240404 and more. Source cves: CVE-2026-22702. Source advisory: OSV:GHSA-597G-3PHW-6986...
CVE-2023-25569
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...
CVE-2023-25570
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...
CVE-2024-49587
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks; this could have allowed users who did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...
EUVD-2024-55358
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks; this could have allowed users who did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...
CVE-2024-49587 Glutton V1 endpoints missing authentication
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks; this could have allowed users who did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...
CVE-2024-49587
CVE-2024-49587 concerns Glutton V1: unauthenticated endpoints on Gotham stacks could let attackers access backend data (read/update/delete). The issue is confirmed across Red Hat/NVD/CVE listings and related feeds, with a documented root cause of exposed service endpoints and no user authenticati...