7 matches found
EUVD-2024-0902
Malicious code in bioql PyPI...
CVE-2025-32380
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-32380
The CVE-2025-32380 issue affects Apollo Router Core (Rust). A vulnerability in the Router’s usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be excessively expensive to validate, triggering high resource consumption and potential denial of service. The roo...
GHSA-84M6-5M72-45FP Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow
Impact Summary A vulnerability in Apollo Router allowed certain queries to bypass configured operation limits, specifically due to integer overflow. Details The operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter exceeded the maxim...
GHSA-75M2-JHH5-J5G2 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Impact Summary A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details Named fragments...
PT-2025-15756 · Apollo · Apollo Router
Name of the Vulnerable Software and Affected Versions: Apollo Router versions prior to 1.61.2 Apollo Router versions prior to 2.1.1 Description: A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive ...
PT-2023-27902 · Unknown · Apollo Router
Name of the Vulnerable Software and Affected Versions: Apollo Router versions 1.28.0 through 1.29.0 Description: The Apollo Router is subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. This can be triggered...