VulnCheck KEV: CVE-2025-53364
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
EUVD-2025-199453
Malicious code in @pergel/module-graphql npm...
EUVD-2025-199509
Malicious code in @antstackio/json-to-graphql npm...
EUVD-2025-199511
Malicious code in @antstackio/express-graphql-proxy npm...
MAL-2025-191286 Malicious code in @pergel/module-graphql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ce0c82f79656be99edeef5afbd890a8a5720c0a0e6acbdd2ce273ed8c151c2c The package @pergel/module-graphql was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191188 Malicious code in @antstackio/express-graphql-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ae25cf8547b5efb95597b0e90ea4105e03417563ff724dd9c720c49b4c52d2 The package @antstackio/express-graphql-proxy was found to contain malicious code. Source: google-open-source-security...
@antstackio/express-graphql-proxy (>=0.1.0 <=0.2.7), express-graphql-proxy (>=0.1.0 <=0.2.0) potentially affected by unknown CVE via @antstackio/graphql-body-parser (=0.1.0)
@antstackio/graphql-body-parser NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antstackio/graphql-body-parser and may be impacted: - @antstackio/express-graphql-proxy =0.1.0, =0.1.0, =0.2.0 Source cves: unknown CVE Source advisory:...
EUVD-2025-199510
Malicious code in @antstackio/graphql-body-parser npm...
MAL-2025-191189 Malicious code in @antstackio/graphql-body-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ba2f487fb7920801336b5a03e7300f0ed4b0d6bcb39b1b05ba80549347dcdfa The package @antstackio/graphql-body-parser was found to contain malicious code. Source: ghsa-malware...
This Week in Spring - Spring Boot 4 edition! - November 25th, 2025
Hi, Spring fans! Welcome to another illustrious installment of This Week in Spring! It’s Thanksgiving week here in the United States. Thanksgiving is traditionally celebrated with friends and family every fourth Thursday of November, gathered around a table full of food and, usually, a giant...
@pergel/graphql (>=0.0.0 <=0.2.0), pergeltest (>=0.0.15 <=0.0.17) potentially affected by unknown CVE via ts-relay-cursor-paging (=2.1.0)
ts-relay-cursor-paging NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ts-relay-cursor-paging and may be impacted: - @pergel/graphql =0.0.0, =0.0.15, =0.0.17 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191437...
@silgi/graphql (>=0.3.3 <=0.7.14) potentially affected by unknown CVE via @silgi/permission (>=0.3.12 <=0.6.7)
@silgi/permission NPM version =0.3.12, =0.3.3, =0.7.14 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191317...
EUVD-2025-199290
Malicious code in @silgi/graphql npm...
MAL-2025-191131 Malicious code in nitro-graphql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36ef7661deeec20f2ea8ef1c642811be2a627ee5e8b6a3f51cd61de1e421547b The package nitro-graphql was found to contain malicious code. Source: ghsa-malware a77bf7f130d454574e5e838c6ce7922e015408f32542a4b15e77d26698129fe3...
EUVD-2025-199120
Malicious code in nitro-graphql npm...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
RHEL 9 : Satellite 6.17.6.1 Async Update (Moderate) (RHSA-2025:21893)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21893 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...
CVE-2025-9825
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...