3128 matches found
CVE-2025-53364
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364
Summary (Parse Server - GraphQL Schema Information Disclosure, CVE-2025-53364) The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. This could expose API structure metadata (not actual data), potentially increasin...
PT-2025-29105 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions 5.3.0 through 7.5.3 Parse Server version 8.2.2 Description: Parse Server’s GraphQL API allowed public access to the GraphQL schema without requiring a session token or the master key in versions 5.3.0 through 7.5.3 and...
graphql-playground
This is a repository for the GraphQL Playground, a development environment for building and testing GraphQL APIs. The repository contains several packages, including GraphQL Playground HTML, GraphQL Playground Express Middleware, GraphQL Playground Koa Middleware, and GraphQL Playground Hapi...
Malicious code in graphql-commons (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4721ab2836126a35a1237cb7af09335a89464c67af8004442176ec9c009b24b4 Any computer that has this package installed or running should be considered...
MAL-2025-5627 Malicious code in graphql-commons (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4721ab2836126a35a1237cb7af09335a89464c67af8004442176ec9c009b24b4 Any computer that has this package installed or running should be considered...
Malicious code in cmr-graphql (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b805bd73c447ee03b3330e1a1ce27c4b8edef17d58376cd0a35c151f7c1250a0 Any computer that has this package installed or running should be considered...
MAL-2025-5624 Malicious code in cmr-graphql (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b805bd73c447ee03b3330e1a1ce27c4b8edef17d58376cd0a35c151f7c1250a0 Any computer that has this package installed or running should be considered...
LinkedIn: Improper Access Control - Access to "Active Hiring" (Premium feature) filter results
An access control vulnerability was identified in LinkedIn's people search functionality that allowed unauthorized access to premium "Active Hiring" filter results. The vulnerability was found in the GraphQL API endpoint where premium feature restrictions were not properly enforced, allowing user...
The vulnerability of the GraphQL API interface of the software platform based on git for collaborative code development on GitLab allows attackers to circumvent security restrictions and gain increased privileges.
The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass security restrictions and enhance their privileges b...
The vulnerability of the GraphQL API interface of the software platform based on git for collaborative code development on GitLab allows a hacker to trigger a service failure.
The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to unlimited resource distribution. Exploiting this vulnerability allows an attacker, operating remotely, to cause service failures by sending specially craft...
This Week in Spring - July 1st, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's July!! This week, I'm on PTO, and as always, I'm looking for good reading material on the plane ride over for my holiday. Thank goodness for the ever-vibrant and awesome Spring community; there's tons of stuff to dive...
BIT-GITLAB-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests...
CVE-2025-3279
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests...
CVE-2025-5846
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...
CVE-2025-3279
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests...
UBUNTU-CVE-2025-5846
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...