1235 matches found
EUVD-2024-2554
Malicious code in bioql PyPI...
EUVD-2025-25337
Malicious code in bioql PyPI...
EUVD-2025-10286
Malicious code in bioql PyPI...
EUVD-2025-15479
Malicious code in bioql PyPI...
EUVD-2024-1741
Malicious code in bioql PyPI...
EUVD-2024-2576
Malicious code in bioql PyPI...
EUVD-2025-6196
Malicious code in bioql PyPI...
CVE-2025-59845
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing orig...
CVE-2025-59845
CVE-2025-59845 covers a CSRF flaw in Apollo Studio Embeddable Sandbox and Embeddable Explorer caused by missing origin validation in window.postMessage handling. The issue affects embedded Sandbox/Explorer prior to versions 2.7.2 and 3.7.3, allowing a malicious site to forge messages that trigger...
CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing orig...
@revisium/admin (>=1.4.0 <=2.0.0) potentially affected by CVE-2025-59845 via @apollo/sandbox (=2.7.1)
@apollo/sandbox NPM version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on @apollo/sandbox and may be impacted: - @revisium/admin =1.4.0, =2.0.0 Source cves: CVE-2025-59845 Source advisory: OSV:GHSA-W87V-7W53-WWXV...
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Impact: A Cross-Site Request Forgery (CSRF) vulnerability was identified in Apollo’s Embedded Sandbox and Embedded Explorer. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the...
@apollo/chakra-helpers (>=1.1.0 <=2.2.0), @backstage/plugin-apollo-explorer (>=0.0.0-nightly-20220719025614 <=0.1.17-next.2) potentially affected by CVE-2025-59845 via @apollo/explorer (>=0.2.1 <=2.0.2)
@apollo/explorer NPM version =0.2.1, =1.1.0, =0.0.0-nightly-20220719025614, =0.1.17-next.2 Source cves: CVE-2025-59845 Source advisory: OSV:GHSA-W87V-7W53-WWXV...
@revisium/admin (>=1.4.0 <=2.0.0) potentially affected by CVE-2025-59845 via @apollo/sandbox (=2.7.1)
@apollo/sandbox NPM version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on @apollo/sandbox and may be impacted: - @revisium/admin =1.4.0, =2.0.0 Source cves: CVE-2025-59845 Source advisory: SNYK:JS-APOLLOSANDBOX-13110033...
Cross-site Request Forgery (CSRF)
Overview: @apollo/sandbox hosts the source for Apollo Studio's Embeddable Sandbox. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via missing origin validation in the window.postMessage process. An attacker can execute unauthorized GraphQL queries...
Cross-site Request Forgery (CSRF)
Overview: @apollo/explorer hosts the source for Apollo Studio's Embeddable Explorer. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via missing origin validation in the window.postMessage process. An attacker can execute unauthorized GraphQL queri...
MAL-2025-47674 Malicious code in gatsby-plugin-apollo-onetrust (npm)
--- -= Per source details. Do not edit below this line.=-...