2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +216 more potentially affected by CVE-2025-32031 via @apollo/gateway (>=0.10.4 <=2.10.0)

@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2025-32031 Source advisory: OSV:GHSA-P2Q6-PWH5-M6JR...

2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +216 more potentially affected by CVE-2025-32030 via @apollo/gateway (>=0.10.4 <=2.10.0)

@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2025-32030 Source advisory: OSV:GHSA-Q2F9-X4P4-7XMH...

PT-2025-15294 · Unknown · Apollo Gateway

Name of the Vulnerable Software and Affected Versions: Apollo Gateway versions prior to 2.10.1 Description: The issue concerns a vulnerability that allows queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansio...