Lucene search

3121 matches found

Github Security Blog
added 2025/04/04 2:19 p.m., 43 views

GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on properties in the GraphQL ItemNormalizer: If you use something like #[ApiProperty(security: 'is_granted("PROPERTY_READ", [object, property])')] on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...

7.5 CVSS, 7.1 AI score, 0.00387 EPSS
Exploits: 0, References: 8, Affected Software: 2
OSV
added 2025/04/04 2:7 p.m., 15 views

GHSA-CG3C-245W-728M GraphQL query operations security can be bypassed

Summary: Using the Relay special node type you can bypass the configured security on an operation. Details: Here is an example of how to apply security configurations for the GraphQL operations (PHP): #[ApiResource(security: "is_granted('ROLE_USER')", operations: [ /* ... */ ], graphQlOperations: [ new...

7.5 CVSS, 7.4 AI score, 0.00388 EPSS
Exploits: 0, References: 9
Github Security Blog
added 2025/04/04 2:7 p.m., 48 views

GraphQL query operations security can be bypassed

Summary: Using the Relay special node type you can bypass the configured security on an operation. Details: Here is an example of how to apply security configurations for the GraphQL operations (PHP): #[ApiResource(security: "is_granted('ROLE_USER')", operations: [ /* ... */ ], graphQlOperations: [ new...

7.5 CVSS, 7.4 AI score, 0.00388 EPSS
Exploits: 0, References: 9, Affected Software: 2
NVD
added 2025/04/03 8:15 p.m., 18 views

CVE-2025-31485

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5 CVSS, 0.00387 EPSS
Exploits: 0, References: 4
Snyk
added 2025/04/03 7:47 p.m., 2 views

Incorrect Behavior Order

Overview: api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Behavior Order due to the ItemNormalizer::isCacheKeySafe method. An attacker can access sensitive information by exploiting the improper cache key generation. Workarou...

8.7 CVSS, 6.7 AI score, 0.00387 EPSS
Exploits: 0, References: 2
Snyk
added 2025/04/03 7:42 p.m., 2 views

Incorrect Authorization

Overview: api-platform/graphql is an API Platform GraphQL component. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configured security controls. Note:...

7.5 CVSS, 7 AI score, 0.00388 EPSS
Exploits: 0, References: 2
Snyk
added 2025/04/03 7:42 p.m., 4 views

Incorrect Authorization

Overview: api-platform/core builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configure...

7.5 CVSS, 6.9 AI score, 0.00388 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/04/03 7:31 p.m., 13 views

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5 CVSS, 7.3 AI score, 0.00387 EPSS
Exploits: 0, References: 4
OSV
added 2025/04/03 7:31 p.m., 19 views

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5 CVSS, 6.4 AI score, 0.00387 EPSS
Exploits: 0, References: 6
Cvelist
added 2025/04/03 7:31 p.m., 23 views

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5 CVSS, 0.00387 EPSS
Exploits: 0, References: 4
CVE
added 2025/04/03 7:31 p.m., 89 views

CVE-2025-31485

API Platform Core (GraphQL support) is affected by CVE-2025-31485. Prior to versions 4.0.22 and 3.4.17, a GraphQL grant on a property could be cached with different objects due to the caching behavior of ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() plus the subsequent cache key...

7.5 CVSS, 7.3 AI score, 0.00387 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/04/03 7:20 p.m., 16 views

CVE-2025-31481 GraphQL query operations security can be bypassed

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...

7.5 CVSS, 7.4 AI score, 0.00388 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/04/03 7:20 p.m., 29 views

CVE-2025-31481 GraphQL query operations security can be bypassed

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17...

7.5 CVSS, 0.00388 EPSS
Exploits: 0, References: 4
Friends Of PHP
added 2025/04/03 3:3 p.m., 10 views

GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on properties in the GraphQL ItemNormalizer: If you use something like #[ApiProperty(security: 'is_granted("PROPERTY_READ", [object, property])')] on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...

7.5 CVSS, 6.8 AI score, 0.00387 EPSS
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2025/04/03 3:2 p.m., 10 views

GraphQL query operations security can be bypassed

Summary: Using the Relay special node type you can bypass the configured security on an operation. Details: Here is an example of how to apply security configurations for the GraphQL operations (PHP): #[ApiResource(security: "is_granted('ROLE_USER')", operations: [ /* ... */ ], graphQlOperations: [ new...

7.5 CVSS, 7.2 AI score, 0.00388 EPSS
Exploits: 0, Affected Software: 1
Positive Technologies
added 2025/04/03 12:0 a.m., 3 views

PT-2025-14796 · Unknown · Api Platform Core

Name of the Vulnerable Software and Affected Versions: API Platform Core versions prior to 4.0.22. Description: The issue concerns a caching problem in GraphQL grants on properties, which can lead to incorrect caching with different objects. The...

7.5 CVSS, 6.2 AI score, 0.00387 EPSS
Exploits: 0, References: 13
Positive Technologies
added 2025/04/03 12:0 a.m., 4 views

PT-2025-14792

Name of the Vulnerable Software and Affected Versions: API Platform Core versions prior to 4.0.22. Description: The issue allows bypassing configured security on an operation using the Relay special node type in hypermedia-driven REST and GraphQL APIs. Recommendations: For versions prior to 4.0.22,...

7.5 CVSS, 6.6 AI score, 0.00388 EPSS
Exploits: 0, References: 18
RedHat Linux
added 2025/04/01 3:20 p.m., 17 views

graphql-ruby: Remote code execution when loading a crafted GraphQL schema

A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...

9 CVSS, 6.1 AI score, 0.02865 EPSS
Exploits: 2, References: 13
RedHat Linux
added 2025/04/01 3:15 p.m., 3 views

graphql-ruby: Remote code execution when loading a crafted GraphQL schema

A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...

9 CVSS, 6.1 AI score, 0.02865 EPSS
Exploits: 2, References: 13
RedHat Linux
added 2025/04/01 3:15 p.m., 3 views

graphql-ruby: Remote code execution when loading a crafted GraphQL schema

A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...

9 CVSS, 6.1 AI score, 0.02865 EPSS
Exploits: 2, References: 13