CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3131 matches found

RedhatCVE•added 2025/04/09 11:19 p.m.•17 views

CVE-2025-32030

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...

7.5CVSS6.8AI score0.0043EPSS

Exploits0References1

RedhatCVE•added 2025/04/09 11:18 p.m.•12 views

CVE-2025-32031

7.5CVSS6.7AI score0.00488EPSS

Exploits0References1

IBM Security Bulletins•added 2025/04/08 1:2 p.m.•11 views

Security Bulletin: Due to use of WebSphere Liberty, IBM Cloud Pak Sys is vulnerable to a Denial of Service

Summary WebSphere Liberty is used by IBM Cloud Pak System as part of the WebSphere Liberty pattern type using GraphQL Java CVE-2024-40094. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly...

5.3CVSS7AI score0.00943EPSS

Exploits2Affected Software1

NVD•added 2025/04/07 9:15 p.m.•11 views

CVE-2025-32031

7.5CVSS0.00488EPSS

Exploits0References3

OSV•added 2025/04/07 8:44 p.m.•17 views

CVE-2025-32032 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,...

7.5CVSS6.5AI score0.00483EPSS

Exploits0References5

OSV•added 2025/04/07 8:41 p.m.•4 views

CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

7.5CVSS6.5AI score0.00488EPSS

Exploits0References5

OSV•added 2025/04/07 8:38 p.m.•8 views

CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

7.5CVSS6.5AI score0.0043EPSS

Exploits0References5

Github Security Blog•added 2025/04/07 7:3 p.m.•13 views

Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

Impact Summary A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...

7.5CVSS7AI score0.00488EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2025/04/05 8:31 p.m.•16 views

CVE-2025-31485

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5CVSS6.6AI score0.00411EPSS

Exploits0References1

OSV•added 2025/04/04 2:19 p.m.•12 views

GHSA-428Q-Q3VV-3FQ3 GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...

7.5CVSS7.1AI score0.00411EPSS

Exploits0References8

Github Security Blog•added 2025/04/04 2:19 p.m.•45 views

GraphQL grant on a property might be cached with different objects

7.5CVSS7.1AI score0.00411EPSS

Exploits0References8Affected Software2

OSV•added 2025/04/04 2:7 p.m.•15 views

GHSA-CG3C-245W-728M GraphQL query operations security can be bypassed

Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...

7.5CVSS7.4AI score0.00412EPSS

Exploits0References9

Github Security Blog•added 2025/04/04 2:7 p.m.•50 views

GraphQL query operations security can be bypassed

7.5CVSS7.4AI score0.00412EPSS

Exploits0References9Affected Software2

NVD•added 2025/04/03 8:15 p.m.•20 views

CVE-2025-31485

7.5CVSS0.00411EPSS

Exploits0References4

Snyk•added 2025/04/03 7:47 p.m.•2 views

Incorrect Behavior Order

Overview api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Behavior Order due to the ItemNormalizer::isCacheKeySafe method. An attacker can access sensitive information by exploiting the improper cache key generation. Workarou...

8.7CVSS6.7AI score0.00411EPSS

Exploits0References2

Snyk•added 2025/04/03 7:42 p.m.•4 views

Incorrect Authorization

Overview api-platform/core is a builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configure...

7.5CVSS6.9AI score0.00412EPSS

Exploits0References2

Snyk•added 2025/04/03 7:42 p.m.•2 views

Incorrect Authorization

Overview api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configured security controls. Note:...

7.5CVSS7AI score0.00412EPSS

Exploits0References2

OSV•added 2025/04/03 7:31 p.m.•19 views

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

7.5CVSS6.4AI score0.00411EPSS

Exploits0References6