16 matches found
EUVD-2025-10289
Malicious code in bioql PyPI...
CVE-2025-32380
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-31496
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
CVE-2025-32380
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-32380
The CVE-2025-32380 issue affects Apollo Router Core (Rust). A vulnerability in the Router’s usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be excessively expensive to validate, triggering high resource consumption and potential denial of service. The roo...
CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-31496
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
CVE-2025-31496
CVE-2025-31496 affects the Apollo Compiler (GraphQL) prior to version 1.27.0. The vulnerability arises from how deeply nested and reused named fragments are validated, where each named fragment could be processed once per fragment spread, causing exponential resource consumption and potential den...
GHSA-7MPV-9XG6-5R79 Apollo Compiler Named Fragment Processing Vulnerability
Impact Summary A vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service in applications. Details Named fragments were being processed once per...
apollo-encoder (>=0.6.0 <=0.7.0), apollo-parser (>=0.6.0 <=0.7.1) +1 more potentially affected by CVE-2025-31496 via apollo-compiler (>=0.10.0 <=0.11.0)
apollo-compiler CARGO version =0.10.0, =0.6.0, =0.6.0, =0.7.1 - apollo-smith =0.4.0 Source cves: CVE-2025-31496 Source advisory: OSV:GHSA-7MPV-9XG6-5R79...
Apollo Compiler Named Fragment Processing Vulnerability
Impact Summary A vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service in applications. Details Named fragments were being processed once per...
PT-2025-15293 · Unknown · Apollo-Compiler
Name of the Vulnerable Software and Affected Versions: apollo-compiler versions prior to 1.27.0 Description: The issue concerns a query-based compiler for the GraphQL query language. Prior to version 1.27.0, a vulnerability allowed queries with deeply nested and reused named fragments to be...