
3121 matches found

EUVD
added 2025/10/30 5:38 p.m. | 3 views

EUVD-2025-37139

Malicious code in epic-graphql-types npm...

AI score 6.6
Exploits 0
EUVD
added 2025/10/30 5:38 p.m. | 4 views

EUVD-2025-37182

Malicious code in egstore-graphql-client npm...

AI score 6.6
Exploits 0
OSSF Malicious Packages
added 2025/10/30 5:38 p.m. | 5 views

Malicious code in epic-graphql-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c376798a5627e484210f37b857fe51b897583a6b740cd5acaff21bac776d12d5 The package epic-graphql-types was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/10/30 5:38 p.m. | 3 views

MAL-2025-49154 Malicious code in epic-graphql-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c376798a5627e484210f37b857fe51b897583a6b740cd5acaff21bac776d12d5 The package epic-graphql-types was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/10/30 5:38 p.m. | 4 views

MAL-2025-49111 Malicious code in egstore-graphql-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8f78f2a6abccca4b462d391732c3bc43094be0be51d4d3cc06a1686d1b554e The package egstore-graphql-client was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/10/30 5:38 p.m. | 3 views

MAL-2025-49153 Malicious code in epic-graphql-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cd084bb1d953fdf618916ebe2971c48ec09222cefe2ffde4698ef07d373707f The package epic-graphql-schema was found to contain malicious code...

AI score 7
Exploits 0
RedhatCVE
added 2025/10/28 12:27 a.m. | 5 views

CVE-2025-11447

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5 | AI score 8.9 | EPSS 0.00716
Exploits 0 | References 1
Veracode
added 2025/10/27 5:24 a.m. | 3 views

Denial-of-Service (DoS)

Liferay Portal is vulnerable to a Denial-of-Service DoS. The vulnerability is due to the application not limiting the number of objects returned from GraphQL queries, which allows an attacker to execute queries that return a large number of objects and exhaust system resources...

CVSS 7.5 | AI score 6.9 | EPSS 0.00343
Exploits 0 | References 10 | Affected Software 2
EUVD
added 2025/10/27 12:30 a.m. | 7 views

EUVD-2025-35955

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5 | AI score 6.4 | EPSS 0.00716
Exploits 0 | References 5
NVD
added 2025/10/27 12:15 a.m. | 5 views

CVE-2025-11447

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5 | EPSS 0.00716
Exploits 0 | References 3
OSV
added 2025/10/27 12:15 a.m. | 0 views

UBUNTU-CVE-2025-11447

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5 | AI score 7.3 | EPSS 0.00716
Exploits 0 | References 2
Vulnrichment
added 2025/10/27 12:5 a.m. | 3 views

CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5 | AI score 6.5 | EPSS 0.00716
Exploits 0 | References 3
Debian CVE
added 2025/10/27 12:5 a.m. | 4 views

CVE-2025-11447

Removed by vendor...

CVSS 7.5 | AI score 7.5 | EPSS 0.00716
Exploits 0
CNNVD
added 2025/10/27 12:0 a.m. | 4 views

GitLab CE and EE security vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 11.0 through 18.3.5 prior...

CVSS 7.5 | AI score 8.9 | EPSS 0.00716
Exploits 0 | References 4
Positive Technologies
added 2025/10/22 12:0 a.m. | 4 views

PT-2025-43135

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.0 through 18.3.4 GitLab CE/EE versions 18.4 through 18.4.2 GitLab CE/EE versions 18.5 through 18.5.0 Description An issue has been resolved in GitLab CE/EE that could allow an unauthenticated attacker to cause a denial...

CVSS 7.8 | AI score 6.7 | EPSS 0.00716
Exploits 0 | References 16
RedhatCVE
added 2025/10/20 6:23 p.m. | 4 views

CVE-2025-62645

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

CVSS 9.9 | AI score 6.8 | EPSS 0.00653
Exploits 1 | References 1
NVD
added 2025/10/17 9:15 p.m. | 4 views

CVE-2025-62645

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

CVSS 9.9 | EPSS 0.00653
Exploits 1 | References 5
CVE
added 2025/10/17 12:0 a.m. | 13 views

CVE-2025-62645

The RBI assistant platform (Restaurant Brands International) through 2025-09-06 is vulnerable: a remote authenticated attacker can obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation. The evidence across multiple sources confirms an impersona...

CVSS 9.9 | AI score 6.4 | EPSS 0.00653
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2025/10/17 12:0 a.m. | 4 views

Restaurant Brands International assistant platform security vulnerability

Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from a createToken GraphQL mutation that...

CVSS 9.9 | AI score 6.8 | EPSS 0.00653
Exploits 1 | References 6
Cvelist
added 2025/10/17 12:0 a.m. | 7 views

CVE-2025-62645

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

CVSS 9.9 | EPSS 0.00653
Exploits 1 | References 5