Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1376)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-31496

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...

CVE-2025-32380

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...

CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...

CVE-2025-32380

The CVE-2025-32380 issue affects Apollo Router Core (Rust). A vulnerability in the Router’s usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be excessively expensive to validate, triggering high resource consumption and potential denial of service. The roo...

CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...

CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...

SUSE-SU-2025:1186-1 Security update for expat

This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion bsc1239618 Other fixes: - version update to 2.7.1 jscPED-12500 Bug fixes: 980 989 Restore event pointer behavi...

CVE-2025-31496

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...

CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...

CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...

CVE-2025-31496

CVE-2025-31496 affects the Apollo Compiler (GraphQL) prior to version 1.27.0. The vulnerability arises from how deeply nested and reused named fragments are validated, where each named fragment could be processed once per fragment spread, causing exponential resource consumption and potential den...

GHSA-7MPV-9XG6-5R79 Apollo Compiler Named Fragment Processing Vulnerability

Impact Summary A vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service in applications. Details Named fragments were being processed once per...

apollo-encoder (>=0.6.0 <=0.7.0), apollo-parser (>=0.6.0 <=0.7.1) +1 more potentially affected by CVE-2025-31496 via apollo-compiler (>=0.10.0 <=0.11.0)

apollo-compiler CARGO version =0.10.0, =0.6.0, =0.6.0, =0.7.1 - apollo-smith =0.4.0 Source cves: CVE-2025-31496 Source advisory: OSV:GHSA-7MPV-9XG6-5R79...

Apollo Compiler Named Fragment Processing Vulnerability

Impact Summary A vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service in applications. Details Named fragments were being processed once per...

PT-2025-15293 · Unknown · Apollo-Compiler

Name of the Vulnerable Software and Affected Versions: apollo-compiler versions prior to 1.27.0 Description: The issue concerns a query-based compiler for the GraphQL query language. Prior to version 1.27.0, a vulnerability allowed queries with deeply nested and reused named fragments to be...

BIT-JOOMLA-2020-8420

An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of comtemplates causes a CSRF vulnerability...

CVE-2025-3031

CVE-2025-3031 : A vulnerability in Mozilla’s JIT-compiled code allows reading 32 bits spilled onto the stack. Affected products are Firefox and Thunderbird prior to version 137. Root cause, impact, and affected components are stated, but no exploitation details are provided in the documents. Reme...

Amazon Linux 2 : firefox (ALASFIREFOX-2025-036)

The version of firefox installed on the remote host is prior to 128.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-036 advisory. Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability...

@excelltechkylc/code-generator (>=1.0.0 <=1.0.1), @excelltechkylc/compiler (>=1.0.0 <=1.0.1) +5 more potentially affected by CVE-2024-38985 via depath (=1.0.6)

depath NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on depath and may be impacted: - @excelltechkylc/code-generator =1.0.0, =1.0.0, =1.0.6, =1.0.6, =1.0.0, =1.0.4 - vitis-lowcode-renderer =1.0.0 - vitis-lowcode-simulator-renderer...