3 matches found
Regular Expression Denial of Service (ReDoS)
Overview: @apollo/server is a spec-compliant GraphQL server that is compatible with any GraphQL client, including Apollo Client. It is the successor to apollo-server-core and related packages. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the startStandaloneServer...
Information Exposure
Overview: Versions of apollo-server-koa prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, including the NoIntrospection rule for the WebSocket transport, so a client can run an introspection query over a subscription connection even when introspection is disabled for HTTP requests. This leaks the GraphQL schema types, their relations...
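The defect above is a transport gap: the validation rules (including the rule that rejects `__schema` and `__type`) ran for HTTP requests but not for operations arriving over the subscription WebSocket. The following is an added example, not apollo-server-koa's or Apollo's own code. It implements a minimal NoIntrospection-style rule as a standalone tokenizer instead of graphql-js's AST-based `validate`, and a toy server whose HTTP and subscription handlers are assumed here to receive a JSON body `{ query }` and a subscriptions-transport-ws style `{ type: 'start', payload: { query } }` message respectively. The `validateSubscriptions: false` switch, the `createServer` name and the error message wording are illustrative choices for this example.

```javascript
// Added example, not apollo-server-koa's own code: a NoIntrospection-style rule
// applied to every operation regardless of transport. Real servers run
// graphql-js validate(schema, document, rules) over an AST; this standalone
// version tokenizes the operation text so it runs with no dependencies.

// Field names that graphql-js reserves for schema introspection. __typename is
// deliberately absent: it does not reveal the schema as a whole.
const INTROSPECTION_FIELDS = new Set(['__schema', '__type']);

const NAME_START = /[_A-Za-z]/;
const NAME_CHAR = /[_0-9A-Za-z]/;

// Index of the next character that is neither whitespace nor an insignificant comma.
function skipIgnored(src, i) {
  while (i < src.length && /[\s,]/.test(src[i])) i++;
  return i;
}

// Names that appear in field position in a GraphQL operation. Comments and
// string literals are skipped so that user(name: "__schema") is not a hit;
// a name followed by ':' (alias, argument or variable definition) or preceded
// by '$' or '@' (variable use, directive) is not a field either.
function selectedFieldNames(operation) {
  const names = [];
  let i = 0;
  while (i < operation.length) {
    const ch = operation[i];
    if (ch === '#') {                                  // comment runs to end of line
      while (i < operation.length && operation[i] !== '\n') i++;
    } else if (operation.startsWith('"""', i)) {       // block string
      const end = operation.indexOf('"""', i + 3);
      i = end === -1 ? operation.length : end + 3;
    } else if (ch === '"') {                           // plain string with escapes
      i++;
      while (i < operation.length && operation[i] !== '"') {
        if (operation[i] === '\\') i++;
        i++;
      }
      i++;
    } else if (NAME_START.test(ch)) {
      let j = i;
      while (j < operation.length && NAME_CHAR.test(operation[j])) j++;
      const prev = i > 0 ? operation[i - 1] : '';
      const next = operation[skipIgnored(operation, j)];
      if (prev !== '$' && prev !== '@' && next !== ':') names.push(operation.slice(i, j));
      i = j;
    } else {
      i++;
    }
  }
  return names;
}

// The rule: an operation that selects __schema or __type is rejected.
// Returns a list of error strings, empty when the operation is acceptable.
function noIntrospection(operation) {
  const hits = [...new Set(selectedFieldNames(operation).filter((n) => INTROSPECTION_FIELDS.has(n)))];
  if (hits.length === 0) return [];
  return [`GraphQL introspection is not allowed, but the query contained ${hits.join(', ')}`];
}

// Toy server (hypothetical, not Apollo's API). One rule list is built once and
// applied by every transport. validateSubscriptions: false reproduces the
// shape of the defect described above: the WebSocket path executes without
// consulting the rules, so introspection leaks there while HTTP still blocks it.
function createServer({ introspection = false, validationRules = [], validateSubscriptions = true } = {}) {
  const rules = introspection ? [...validationRules] : [noIntrospection, ...validationRules];
  const run = (query) => {
    const errors = rules.flatMap((rule) => rule(query));
    return errors.length ? { errors } : { data: '<executed>' };
  };
  return {
    // HTTP POST with a JSON body { query }
    handleHttp(body) {
      return run(body.query);
    },
    // subscription transport message { type: 'start', payload: { query } }
    handleSubscriptionMessage(message) {
      if (!validateSubscriptions) return { data: '<executed>' }; // rules skipped: the bug
      return run(message.payload.query);
    },
  };
}
```

To check a deployment for the same gap, send an identical `{ __schema { types { name } } }` operation once over HTTP and once as a subscription `start` message; a server that answers the second with type data while rejecting the first has the transport gap, regardless of which library it runs. The tokenizer here is conservative rather than a full parser; for production use the real graphql-js `validate` with the same rule list on every transport.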
Dependents potentially affected via apollo-server-koa (>=1.3.6 <=2.0.4): @axelspringer/mango-api (>=0.0.1-alpha <=1.0.0-beta.75), @carlosbajo/graphql-gateway (>=1.2.0 <=2.3.6), and 39 more.
Package: apollo-server-koa (NPM)
Listed versions: =1.3.6, =0.0.1-alpha, =1.2.0, =2.8.1, =0.2.1, =0.2.6, =0.1.2, =6.1.0, =1.0.1, =0.0.9, =0.0.1, =1.0.3, =1.0.0, =2.8.1, =1.0.0, =1.4.56 and more
Source CVE: unknown CVE
Source advisory: OSV:GHSA-W42G-7VFC-XF37...