4 matches found

NVD
added 2025/11/13 11:15 p.m., 4 views

CVE-2025-64530

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...

CVSS 7.5, EPSS 0.00345
Exploits 0, References 1
RedhatCVE
added 2025/09/29 8:44 p.m., 4 views

CVE-2025-59845

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website-embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing orig...

CVSS 8.2, AI score 7.3, EPSS 0.00145
Exploits 0, References 1
NVD
added 2025/09/26 11:15 p.m., 4 views

CVE-2025-59845

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website-embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing orig...

CVSS 8.2, EPSS 0.00145
Exploits 0, References 1
CNNVD
added 2025/09/26 12:0 a.m., 2 views

Apollo Studio Embeddable Explorer & Embeddable Sandbox cross-site request forgery vulnerability

Apollo Studio Embeddable Explorer & Embeddable Sandbox is an open source vectorization tool for Apollo GraphQL. A cross-site request forgery vulnerability exists in Apollo Studio Embeddable Explorer & Embeddable Sandbox, which stems from a lack of source validation when client code handles the...

CVSS 8.2, AI score 6.6, EPSS 0.00145
Exploits 0, References 2