28 matches found
EUVD-2025-37182
Malicious code in egstore-graphql-client npm...
Malicious code in egstore-graphql-client (npm)
Source: amazon-inspector (2a8f78f2a6abccca4b462d391732c3bc43094be0be51d4d3cc06a1686d1b554e). The package egstore-graphql-client was found to contain malicious code...
MAL-2025-49111 Malicious code in egstore-graphql-client (npm)
Source: amazon-inspector (2a8f78f2a6abccca4b462d391732c3bc43094be0be51d4d3cc06a1686d1b554e). The package egstore-graphql-client was found to contain malicious code...
EUVD-2023-48171
Malicious code in bioql PyPI...
EUVD-2024-52315
Malicious code in bioql PyPI...
EUVD-2024-0403
Malicious code in bioql PyPI...
CVE-2024-54147
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (e.g. public wifi, malicious DNS servers) may have all GraphQL...
CVE-2023-43799
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the...
graphql-ruby: Remote code execution when loading a crafted GraphQL schema
A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...
DEBIAN-CVE-2025-27407
graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...
CVE-2024-24556
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...
CVE-2024-54147
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (e.g. public wifi, malicious DNS servers) may have all GraphQL...
CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (e.g. public wifi, malicious DNS servers) may have all GraphQL...
CVE-2024-54147
The CVE-2024-54147 entry covers Altair GraphQL Client (desktop) prior to version 8.0.5, where the application does not validate HTTPS certificates. This weakness enables a man-in-the-middle on untrusted networks to intercept GraphQL request/response headers and bodies (including authorization tok...
Altair trust management issue vulnerability
Altair is a beautiful and feature-rich GraphQL client IDE from the Altair GraphQL open source. A trust management issue vulnerability exists in Altair versions prior to 8.0.5, which stems from improper HTTPS certificate validation and allows a man-in-the-middle attacker to intercept all requests,...
PT-2024-36071 · Altair · Altair Graphql Client
Name of the Vulnerable Software and Affected Versions: Altair GraphQL Client versions prior to 8.0.5 Description: The issue arises from the Altair GraphQL Client's desktop app not validating HTTPS certificates, allowing a man-in-the-middle to intercept all requests. This can compromise GraphQL...
Design/Logic Flaw
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...
CVE-2024-24556 XSS in @urql/next
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...