Malicious Package
Overview: apollo-vertex is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: apollo-landing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @uipath/apollo-wind (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef4195af9b94b5185e9243c35beefab6d9cf593b7b51e5de55aa5289336ff5f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@uipath/ap-chat (=1.5.6), @uipath/apollo-react (>=3.64.0 <=4.24.2) +1 more potentially affected by unknown CVE via @uipath/apollo-wind (>=2.0.0 <=2.16.1)
@uipath/apollo-wind NPM version =2.0.0, =3.64.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3533...
@uipath/ap-chat (=1.5.6) potentially affected by unknown CVE via @uipath/apollo-react (=4.24.2)
@uipath/apollo-react NPM version =4.24.2 is affected by a known vulnerability. The following packages have a transitive dependency on @uipath/apollo-react and may be impacted: - @uipath/ap-chat =1.5.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3532...
Malicious code in @uipath/apollo-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@uipath/ap-chat (>=1.4.6 <=1.5.6), @uipath/apollo-react (>=3.26.1 <=4.24.2) +4 more potentially affected by unknown CVE via @uipath/apollo-core (>=5.6.2 <=5.9.1)
@uipath/apollo-core NPM version =5.6.2, =1.4.6, =3.26.1, =0.7.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3531...
MAL-2026-3531 Malicious code in @uipath/apollo-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94aed6ca418c20be592feb819ad0ca041b5174750fb7f616d309cf6638448202 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/apollo-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94aed6ca418c20be592feb819ad0ca041b5174750fb7f616d309cf6638448202 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Improper Access Control
Apollo Federation is vulnerable to improper access control. The vulnerability is due to improper enforcement of user-defined access control directives on interface types and fields, which allows an attacker to bypass access restrictions by querying implementing object types and fields through...
ROOT-APP-NPM-CVE-2026-23897 CVE-2026-23897 in @rootio/apollo__server - Patched by Root
Root has patched CVE-2026-23897 in the @rootio/apollo__server package for Root:npm. Multiple fixed versions available...
MAL-2026-3040 Malicious code in apollo-vertex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea184ad5469def11090bb56f964419126c2f809ebce868fae9f5f88e0a641ccf The package apollo-vertex was found to contain malicious code. Source: ghsa-malware 8569a9d8f7822b4c1ca08fbd1d1860baca28935523892e344f2839845485541c...
Malicious code in apollo-vertex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea184ad5469def11090bb56f964419126c2f809ebce868fae9f5f88e0a641ccf The package apollo-vertex was found to contain malicious code. Source: ghsa-malware 8569a9d8f7822b4c1ca08fbd1d1860baca28935523892e344f2839845485541c...
MAL-2026-3038 Malicious code in apollo-landing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47cb6abcb11f6d62fb52ef331d93bf4c2d5faacb9a4f91386aa6fb06e03b7bef The package apollo-landing was found to contain malicious code. Source: ghsa-malware ed937449ad5ded3d0430063ec8da96faa5c685d89f612418710856e92d1b6438...
Malicious code in apollo-landing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47cb6abcb11f6d62fb52ef331d93bf4c2d5faacb9a4f91386aa6fb06e03b7bef The package apollo-landing was found to contain malicious code. Source: ghsa-malware ed937449ad5ded3d0430063ec8da96faa5c685d89f612418710856e92d1b6438...
2mxdev-gql-gateway (=1.0.0), 4m-node-server (>=0.0.1 <=0.0.8) +2866 more potentially affected by CVE-2026-41242 via @apollo/protobufjs (>=1.1.0 <=1.2.7)
@apollo/protobufjs NPM version =1.1.0, =0.0.1, =1.0.2, =3.10.1, =1.2.0-pre.24, =1.0.1, =1.0.0, =1.0.0, =0.5.0, =1.0.0, =0.0.1, =0.1.1, =0.0.1, =1.0.7, =1.0.17 and more Source cves: CVE-2026-41242 Source advisory: SNYK:JS-APOLLOPROTOBUFJS-16321047...
CVE-2026-35577
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...
CVE-2026-35577 Missing Host Header Validation in Apollo MCP Server for Localhost Deployments
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...