1235 matches found
WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Apollo | Night Club, DJ Event WordPress Theme versions <= 1.3.1...
CVE-2026-23897
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897 Apollo Server is vulnerable to denial of service with `startStandaloneServer`
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897
CVE-2026-23897 affects Apollo Server when using the default configuration of startStandaloneServer from @apollo/server/standalone. Versions 2.0.0–3.13.0, 4.2.0–before 4.13.0, and 5.0.0–before 5.4.0 are vulnerable to Denial of Service via specially crafted request bodies with exotic character set ...
EUVD-2026-5364
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
@apollo/server-integration-testsuite (>=5.0.0 <=5.3.0), @commitspark/graphql-api (>=1.0.0-beta.3 <=1.0.0-beta.6) +22 more potentially affected by CVE-2026-23897 via @apollo/server (>=5.0.0 <=5.3.0)
@apollo/server NPM version =5.0.0, =5.0.0, =1.0.0-beta.3, =1.217.0, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.21.0 and more Source cves: CVE-2026-23897 Source advisory: OSV:GHSA-MP6Q-XF9X-FWF7...
4m-node-server (>=0.0.1 <=0.0.8), @2109-t5/server (>=1.0.0 <=1.0.9) +987 more potentially affected by CVE-2026-23897 via apollo-server (>=0.1.5 <=3.9.0)
apollo-server NPM version =0.1.5, =0.0.1, =1.0.0, =0.5.0, =0.0.1, =0.1.1, =0.0.1, =1.0.7, =0.4.0-alpha.0, =10.4.0, =9.0.0, =10.0.0, =11.2.0 and more Source cves: CVE-2026-23897 Source advisory: SNYK:JS-APOLLOSERVER-15208674...
Apollo Server vulnerable to Denial of Service with `startStandaloneServer`
Impact: The default configuration of startStandaloneServer from @apollo/server/standalone is vulnerable to Denial of Service (DoS) attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use @apollo/server as a dependency for...
Regular Expression Denial of Service (ReDoS)
Overview: apollo-server is a production-ready GraphQL server. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the startStandaloneServer function. An attacker can cause the server to become unresponsive by sending specially crafted request bodies wi...
Regular Expression Denial of Service (ReDoS)
Overview: @apollo/server is a spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. Successor to apollo-server-core, et al. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the startStandaloneServer...
@apollo/server-integration-testsuite (>=5.0.0 <=5.3.0), @commitspark/graphql-api (>=1.0.0-beta.3 <=1.0.0-beta.6) +22 more potentially affected by CVE-2026-23897 via @apollo/server (>=5.0.0 <=5.3.0)
@apollo/server NPM version =5.0.0, =5.0.0, =1.0.0-beta.3, =1.217.0, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.21.0 and more Source cves: CVE-2026-23897 Source advisory: SNYK:JS-APOLLOSERVER-15208673...
4m-node-server (>=0.0.1 <=0.0.8), @2109-t5/server (>=1.0.0 <=1.0.9) +955 more potentially affected by CVE-2026-23897 via apollo-server (>=2.0.0 <=3.13.0)
apollo-server NPM version =2.0.0, =0.0.1, =1.0.0, =0.5.0, =0.1.0, =0.4.52, =0.0.1, =1.0.7, =0.4.0-alpha.0, =10.4.0, =9.0.0, =10.0.0, =11.2.0 and more Source cves: CVE-2026-23897 Source advisory: OSV:GHSA-MP6Q-XF9X-FWF7...
GHSA-MP6Q-XF9X-FWF7 Apollo Server vulnerable to Denial of Service with `startStandaloneServer`
Impact: The default configuration of startStandaloneServer from @apollo/server/standalone is vulnerable to Denial of Service (DoS) attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use @apollo/server as a dependency for...
PT-2026-6185
Name of the Vulnerable Software and Affected Versions: Apollo Server versions 2.0.0 through 3.13.0; Apollo Server versions 4.2.0 through 4.13.0; Apollo Server versions 5.0.0 through 5.4.0. Description: Apollo Server, a GraphQL server, is susceptible to denial of service (DoS) attacks. This occurs due to...
@apollo/server security vulnerability
@apollo/server is a JavaScript code package open-sourced by Apollo GraphQL. Versions prior to 3.13.0, 4.13.0, and 5.4.0 of @apollo/server contain security vulnerabilities. These vulnerabilities stem from improper handling of encoded requests using special character sets in the default...
PT-2026-6451
Impact: The default configuration of startStandaloneServer from @apollo/server/standalone is vulnerable to Denial of Service (DoS) attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use @apollo/server as a dependency for...