CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

Snyk•added 2026/03/13 8:51 p.m.•0 views

Prototype Pollution

Overview @apollo/gateway is a library exporting utility functions. Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting operations wi...

9.9CVSS6.6AI score0.00043EPSS

Exploits0References2

vulnersOsv•added 2026/03/13 8:51 p.m.•1 views

@faasjs/graphql-server (>=0.0.2-beta.4 <=0.0.2-beta.253), @galdirik/common (>=1.0.52 <=1.1.42) +69 more potentially affected by CVE-2026-32621 via @apollo/gateway (>=2.0.0-preview.2 <=2.9.3)

@apollo/gateway NPM version =2.0.0-preview.2, =0.0.2-beta.4, =1.0.52, =1.7.3, =3.0.5, =3.0.4, =0.2.0, =0.11.46, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =8.6.7, =6.0.0-dev.156-swarm.1, =0.7.0-alpha.3, =0.7.32 and more Source cves: CVE-2026-32621 Source advisory: SNYK:JS-APOLLOGATEWAY-15612461...

9.9CVSS5.8AI score0.00043EPSS

Exploits0

vulnersOsv•added 2026/03/13 8:51 p.m.•3 views

2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +272 more potentially affected by CVE-2026-32621 via @apollo/gateway (>=0.10.4 <=2.9.3)

@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2026-32621 Source advisory: OSV:GHSA-PFJJ-6F4P-RVMH...

9.9CVSS5.8AI score0.00043EPSS

Exploits0

vulnersOsv•added 2026/03/13 8:51 p.m.•2 views

@apollo/gateway (>=2.0.0 <=2.14.0), @dfanchon/gateway (=2.11.0) +72 more potentially affected by CVE-2026-32621 via @apollo/query-planner (>=2.10.0-alpha.0 <=2.9.5)

@apollo/query-planner NPM version =2.10.0-alpha.0, =2.0.0, =0.0.2-beta.4, =1.0.52, =1.7.3, =3.0.5, =3.0.4, =0.2.0, =0.11.46, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =8.6.7, =11.5.0 and more Source cves: CVE-2026-32621 Source advisory: SNYK:JS-APOLLOQUERYPLANNER-15612460...

9.9CVSS5.8AI score0.00043EPSS

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-10284

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00417EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-10283

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00628EPSS

Exploits0References5

Veracode•added 2025/04/16 11:16 a.m.•4 views

Denial Of Service (DoS)

@apollo/gateway is vulnerable to a Denial Of Service DoS. The vulnerability is due to inefficient query planning due to internal optimizations being bypassed when processing deeply nested and reused named fragments...

7.5CVSS6.6AI score0.00417EPSS

Exploits0References5Affected Software1

Veracode•added 2025/04/16 11:7 a.m.•7 views

Denial Of Service (DoS)

Apollo Gateway is vulnerable to a Denial of Service DoS. The vulnerability is due to inefficient query planning due to deeply nested and reused named fragments that cause excessive resource consumption during named fragment expansion...

7.5CVSS6.6AI score0.00628EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2025/04/09 11:19 p.m.•12 views

CVE-2025-32030

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...

7.5CVSS6.8AI score0.00628EPSS

Exploits0References1

RedhatCVE•added 2025/04/09 11:18 p.m.•9 views

CVE-2025-32031

7.5CVSS6.7AI score0.00417EPSS

Exploits0References1

NVD•added 2025/04/07 9:15 p.m.•7 views

CVE-2025-32030

7.5CVSS0.00628EPSS

Exploits0References3

NVD•added 2025/04/07 9:15 p.m.•3 views

CVE-2025-32031

7.5CVSS0.00417EPSS

Exploits0References3

CVE•added 2025/04/07 8:41 p.m.•52 views

CVE-2025-32031

CVE-2025-32031 affects Apollo Gateway prior to version 2.10.1. The vulnerability stems from the GraphQL query planner, where deeply nested and reused named fragments can bypass an optimization that normally speeds query planning. This can lead to extremely long planning times and, because there i...

7.5CVSS7AI score0.00417EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2025/04/07 8:41 p.m.•6 views

CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

7.5CVSS7AI score0.00417EPSS

Exploits0References3

OSV•added 2025/04/07 8:41 p.m.•1 views

CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

7.5CVSS6.5AI score0.00417EPSS

Exploits0References5

Cvelist•added 2025/04/07 8:41 p.m.•9 views

CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

7.5CVSS0.00417EPSS

Exploits0References3

CVE•added 2025/04/07 8:38 p.m.•48 views

CVE-2025-32030

CVE-2025-32030 concerns Apollo Gateway (GraphQL federation). The vulnerability occurs prior to version 2.10.1, where queries using deeply nested and reused named fragments could trigger prohibitively expensive query planning. Specifically, named fragments were expanded once per fragment spread du...

7.5CVSS7AI score0.00628EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2025/04/07 8:38 p.m.•8 views

CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

7.5CVSS7AI score0.00628EPSS

Exploits0References3

OSV•added 2025/04/07 8:38 p.m.•1 views

CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

7.5CVSS6.5AI score0.00628EPSS

Exploits0References5

Cvelist•added 2025/04/07 8:38 p.m.•11 views

CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion