3125 matches found

Positive Technologies
added 2025/12/10 12:0 a.m. | 6 views

PT-2025-50572

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 through 18.4.5; GitLab CE/EE versions 18.5 through 18.5.3; GitLab CE/EE versions 18.6 through 18.6.1. Description: An unauthenticated user could create a denial of service condition by sending crafted GraphQL queries th...

CVSS 7.8 | AI score 7.6 | EPSS 0.0076
Exploits: 0 | References: 10
Snyk
added 2025/12/02 6:31 a.m. | 3 views

SQL Injection

Overview: fraiseql is a GraphQL for the LLM era. Simple. Powerful. Rust-fast. Production-ready GraphQL API framework for PostgreSQL with CQRS, JSONB optimization, and type-safe mutations. Affected versions of this package are vulnerable to SQL Injection due to missing validation of GraphQL context...

CVSS 8.3 | AI score 7.9
Exploits: 0 | References: 3
Spring Security Advisories
added 2025/12/02 12:0 a.m. | 5 views

This Week in Spring - December 2nd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring. By mistake, I inadvertently published older content in this installment, then tried to fix it and ended up re-publishing the same content. And, what's worse, I somehow ended up deleting the draft I had written for this...

AI score 6.8
Exploits: 0
VulnCheck KEV
added 2025/12/01 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2025-53364

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

CVSS 5.3 | AI score 5.8 | EPSS 0.00814
In wild | Exploits: 0 | References: 33
EUVD
added 2025/11/25 12:16 a.m. | 3 views

EUVD-2025-199509

Malicious code in @antstackio/json-to-graphql npm...

AI score 6.6
Exploits: 0 | References: 3
EUVD
added 2025/11/25 12:16 a.m. | 3 views

EUVD-2025-199511

Malicious code in @antstackio/express-graphql-proxy npm...

AI score 6.6
Exploits: 0 | References: 3
EUVD
added 2025/11/25 12:16 a.m. | 3 views

EUVD-2025-199510

Malicious code in @antstackio/graphql-body-parser npm...

AI score 6.6
Exploits: 0 | References: 4
OSV
added 2025/11/25 12:16 a.m. | 3 views

MAL-2025-191189 Malicious code in @antstackio/graphql-body-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ba2f487fb7920801336b5a03e7300f0ed4b0d6bcb39b1b05ba80549347dcdfa The package @antstackio/graphql-body-parser was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0 | References: 4
EUVD
added 2025/11/25 12:16 a.m. | 4 views

EUVD-2025-199453

Malicious code in @pergel/module-graphql npm...

AI score 6.6
Exploits: 0 | References: 3
OSV
added 2025/11/25 12:16 a.m. | 3 views

MAL-2025-191286 Malicious code in @pergel/module-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ce0c82f79656be99edeef5afbd890a8a5720c0a0e6acbdd2ce273ed8c151c2c The package @pergel/module-graphql was found to contain malicious code. Source: google-open-source-security...

AI score 6.8
Exploits: 0 | References: 3
OSV
added 2025/11/25 12:16 a.m. | 3 views

MAL-2025-191188 Malicious code in @antstackio/express-graphql-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ae25cf8547b5efb95597b0e90ea4105e03417563ff724dd9c720c49b4c52d2 The package @antstackio/express-graphql-proxy was found to contain malicious code. Source: google-open-source-security...

AI score 6.8
Exploits: 0 | References: 3
Spring Security Advisories
added 2025/11/25 12:0 a.m. | 6 views

This Week in Spring - Spring Boot 4 edition! - November 25th, 2025

Hi, Spring fans! Welcome to another illustrious installment of This Week in Spring! It’s Thanksgiving week here in the United States. Thanksgiving is traditionally celebrated with friends and family every fourth Thursday of November, gathered around a table full of food and, usually, a giant...

AI score 6.8
Exploits: 0
EUVD
added 2025/11/24 11:26 p.m. | 3 views

EUVD-2025-199290

Malicious code in @silgi/graphql npm...

AI score 6.6
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/11/24 11:5 p.m. | 5 views

Malicious code in nitro-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36ef7661deeec20f2ea8ef1c642811be2a627ee5e8b6a3f51cd61de1e421547b The package nitro-graphql was found to contain malicious code. Source: ghsa-malware a77bf7f130d454574e5e838c6ce7922e015408f32542a4b15e77d26698129fe3...

AI score 6.9
Exploits: 0 | References: 4
EUVD
added 2025/11/24 11:5 p.m. | 3 views

EUVD-2025-199120

Malicious code in nitro-graphql npm...

AI score 6.6
Exploits: 0 | References: 4
OSV
added 2025/11/24 11:5 p.m. | 2 views

MAL-2025-191131 Malicious code in nitro-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36ef7661deeec20f2ea8ef1c642811be2a627ee5e8b6a3f51cd61de1e421547b The package nitro-graphql was found to contain malicious code. Source: ghsa-malware a77bf7f130d454574e5e838c6ce7922e015408f32542a4b15e77d26698129fe3...

AI score 6.8
Exploits: 0 | References: 4
Snyk
added 2025/11/24 8:33 p.m. | 3 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 3
Snyk
added 2025/11/24 8:33 p.m. | 3 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 3
Tenable Nessus
added 2025/11/24 12:0 a.m. | 3 views

RHEL 9 : Satellite 6.17.6.1 Async Update (Moderate) (RHSA-2025:21893)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21893 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...

CVSS 6.5 | AI score 5.6 | EPSS 0.00348
Exploits: 0 | References: 6
NVD
added 2025/11/21 6:15 a.m. | 5 views

CVE-2025-9825

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 6.5 | EPSS 0.00315
Exploits: 1 | References: 3