24 matches found

vulnersOsv
added 2026/02/26 10:10 p.m., 6 views

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-27903 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-27903 Source advisory: OSV:GHSA-7R86-CG39-JMMJ...

CVSS 7.5, AI score 7, EPSS 0.00036
Exploits: 1
vulnersOsv
added 2026/02/26 10:7 p.m., 1 views

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-27904 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...

CVSS 7.5, AI score 7, EPSS 0.00026
Exploits: 1
vulnersOsv
added 2026/02/26 3:11 a.m., 4 views

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-27904 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-27904 Source advisory: SNYK:JS-MINIMATCH-15353387...

CVSS 7.5, AI score 7, EPSS 0.00026
Exploits: 1
vulnersOsv
added 2026/02/18 10:38 p.m., 3 views

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-26996 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...

CVSS 8.7, AI score 6.8, EPSS 0.00026
Exploits: 1
vulnersOsv
added 2026/02/18 10:38 p.m., 1 views

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-26996 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-26996 Source advisory: SNYK:JS-MINIMATCH-15309438...

CVSS 8.7, AI score 6.8, EPSS 0.00026
Exploits: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-0727

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.4, EPSS 0.00134
Exploits: 1, References: 5
Veracode
added 2025/02/26 9:18 a.m., 9 views

Arbitrary File Access

@graphql-mesh is vulnerable to Arbitrary File Access. The vulnerability is due to a missing validation check in the static file handler, which fails to restrict absolutePath to the designated staticFiles directory, allows attackers to access files outside the intended directory...

CVSS 7.5, AI score 6.6, EPSS 0.00134
Exploits: 1, References: 3, Affected Software: 2
RedhatCVE
added 2025/02/22 8:22 p.m., 10 views

CVE-2025-27097

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVSS 7.5, AI score 6.8, EPSS 0.00414
Exploits: 0, References: 1
RedhatCVE
added 2025/02/22 8:22 p.m., 8 views

CVE-2025-27098

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

CVSS 7.5, AI score 6.8, EPSS 0.00134
Exploits: 1, References: 1
NVD
added 2025/02/20 9:15 p.m., 8 views

CVE-2025-27098

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

CVSS 7.5, EPSS 0.00134
Exploits: 1, References: 1
CVE
added 2025/02/20 8:15 p.m., 96 views

CVE-2025-27097

Affected software: GraphQL Mesh (a GraphQL Federation framework/gateway). The issue stems from the LRU-based cache for DocumentNode used during transforms, causing the initial set of variables to be reused across subsequent requests with different variables. As a result, if tokens are supplied vi...

CVSS 7.5, AI score 6.6, EPSS 0.00414
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/02/20 8:15 p.m., 12 views

CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVSS 5.1, EPSS 0.00414
Exploits: 0, References: 1
Vulnrichment
added 2025/02/20 8:15 p.m., 9 views

CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVSS 5.1, AI score 6.6, EPSS 0.00414
Exploits: 0, References: 1
OSV
added 2025/02/20 8:15 p.m., 11 views

CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVSS 5.1, AI score 6.7, EPSS 0.00414
Exploits: 0, References: 3
OSV
added 2025/02/20 8:13 p.m., 7 views

CVE-2025-27098 Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

CVSS 5.8, AI score 6.6, EPSS 0.00134
Exploits: 1, References: 3
Vulnrichment
added 2025/02/20 8:13 p.m., 9 views

CVE-2025-27098 Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

CVSS 5.8, AI score 5.7, EPSS 0.00134
Exploits: 1, References: 1
CVE
added 2025/02/20 8:13 p.m., 92 views

CVE-2025-27098

GraphQL Mesh exposes a path traversal vulnerability in its staticFiles handler. When serve.staticFiles is configured, the code path does not reliably constrain absolutePath to the staticFiles directory, allowing access to files outside the intended directory. Affects GraphQL Mesh and related CLI/...

CVSS 7.5, AI score 5.7, EPSS 0.00134
Exploits: 1, References: 1, Affected Software: 2
Cvelist
added 2025/02/20 8:13 p.m., 13 views

CVE-2025-27098 Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

CVSS 5.8, EPSS 0.00134
Exploits: 1, References: 1
CNNVD
added 2025/02/20 12:0 a.m., 1 views

graphql-mesh resource management error vulnerability

graphql-mesh is an application by Arda TANRIKULU Individual Developer. A resource management error vulnerability exists in graphql-mesh, which stems from a flaw in the query variable caching mechanism that can lead to token reuse and memory leaks...

CVSS 7.5, AI score 6.5, EPSS 0.00414
Exploits: 0, References: 2
CNNVD
added 2025/02/20 12:0 a.m., 1 views

graphql-mesh path traversal vulnerability

graphql-mesh is an application by Arda TANRIKULU Individual Developer. A path traversal vulnerability exists in graphql-mesh, which stems from a lack of checks in the static file handler that could lead to arbitrary file reads and leak server data...

CVSS 7.5, AI score 6.5, EPSS 0.00134
Exploits: 1, References: 2