3121 matches found
MAL-2025-11772 Malicious code in @zalastax/nolb-graphql-x (npm)
The package @zalastax/nolb-graphql-x was found to contain malicious code...
MAL-2025-33127 Malicious code in shopify-graphql-cops (npm)
The package shopify-graphql-cops was found to contain malicious code...
MAL-2025-29541 Malicious code in postcss-loader-graphql-tachyon-cors (npm)
The package postcss-loader-graphql-tachyon-cors was found to contain malicious code...
MAL-2025-11758 Malicious code in @zalastax/nolb-graphql-j (npm)
The package @zalastax/nolb-graphql-j was found to contain malicious code...
MAL-2025-11777 Malicious code in @zalastax/nolb-graphql_ (npm)
The package @zalastax/nolb-graphql was found to contain malicious code...
Enhancing GraphQL Security by Detecting Malicious Queries Using Large Language Models, Sentence Transformers, and Convolutional Neural Networks
GraphQL's flexibility, while beneficial for efficient data fetching, introduces unique security vulnerabilities that traditional API security mechanisms often fail to address. Malicious GraphQL queries can exploit the language's dynamic nature, leading to denial-of-service attacks, data...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +17933 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.123.Final)
io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for July 2025.
Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF004 and 24.0.0-IF006. Vulnerability Details: CVEID: CVE-2025-27789. DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 t...
[SECURITY] [DLA 4263-1] ruby-graphql security update
Debian LTS Advisory DLA-4263-1 https://www.debian.org/lts/security/ Utkarsh Gupta August 04, 2025 https://wiki.debian.org/LTS...
DLA-4263-1 ruby-graphql - security update
Bulletin has no description...
Debian dla-4263 : ruby-graphql - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4263 advisory. Debian LTS Advisory DLA-4263-1 https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-4263-1)
The remote host is missing an update for the Debian...
CVE-2025-54536
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint...
A vulnerability in the GraphQL interface of the JetBrains TeamCity continuous integration and delivery system that allows an attacker to perform a CSRF attack
The vulnerability in the GraphQL interface of the JetBrains TeamCity continuous integration and delivery (CI/CD) system is related to cross-site request forgery. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
CVE-2025-54536
JetBrains TeamCity prior to 2025.07 exposes a CSRF vulnerability on the GraphQL endpoint (likely /api/graphql). Affected component: TeamCity server GraphQL handling. Root cause and exact exploit path are not detailed in the provided documents beyond the CSRF on GraphQL; exploitation is network-ac...
CVE-2025-8279
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...