@24hr/ettapi (>=0.0.1 <=0.2.5), @dzangolab/fastify-s3 (>=0.48.0 <=0.87.0) +1 more potentially affected by CVE-2025-65587 via graphql-upload-minimal (>=1.5.3 <=1.6.1)

graphql-upload-minimal NPM version =1.5.3, =0.0.1, =0.48.0, =0.88.0, =0.93.4 Source cves: CVE-2025-65587 Source advisory: SNYK:JS-GRAPHQLUPLOADMINIMAL-15682460...

Prototype Pollution

Overview graphql-upload-minimal is a Minimalistic and developer friendly middleware and an Upload scalar to add support for GraphQL multipart requests file uploads via queries and mutations to various Node.js GraphQL servers. Affected versions of this package are vulnerable to Prototype Pollution...

EUVD-2026-11178

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...

CVE-2026-1069

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...

CVE-2026-1069 Uncontrolled Recursion in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...

CVE-2026-1069 Uncontrolled Recursion in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...

CVE-2026-1069

GitLab CE/EE versions 18.9 before 18.9.2 are affected by an unauthenticated denial-of-service via specially crafted GraphQL requests that trigger uncontrolled recursion under certain conditions. The issue has been remediated in GitLab 18.9.2; patch/update to 18.9.2 or newer. Attacker access requi...

CVE-2026-1069

Removed by vendor...

CVE-2026-1069 Uncontrolled Recursion in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...

GHSA-7XG7-RQF6-PW6C Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Impact The GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API routes without master key authentication. This bypasses the master key enforcement that exists on the dedicated /graphql-config and...

Missing Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Missing Authorization via the generic /classes/GraphQLConfig and /classes/Audience REST API routes, which do not enforce...

EUVD-2026-10888

Parse Server: Classes GraphQLConfig and Audience master key bypass via generic class routes...

Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API

Impact An unauthenticated attacker can exhaust Parse Server resources CPU, memory, database connections through crafted queries that exploit the lack of complexity limits in the REST and GraphQL APIs. All Parse Server deployments using the REST or GraphQL API are affected. Patches The vulnerabili...

EUVD-2026-10862

Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API...

Allocation of Resources Without Limits or Throttling

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through unbounded query complexity in the REST and GraphQL APIs. An...

PT-2026-24712

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Both GitLab Enterprise Edition EE and GitLab Community Edition CE had...

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Markdown placeholder processing impacts GitLab CE/EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Denial of Service issue in repository archive endpoint impacts GitLab CE/EE Denial of Service issue in protected branches API impacts GitL...

CVE-2026-30946

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior 9.5.2-alpha.2 and 8.6.15, an unauthenticated attacker can exhaust Parse Server resources CPU, memory, database connections through crafted queries that exploit the lack of complexity limi...

CVE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...