EUVD-2025-7224

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-27407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21,...

Remote Code Execution (RCE)

graphql-ruby is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe schema loading due to the ability to execute arbitrary code when processing a malicious schema definition using GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load from an untrusted source...

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

PT-2025-11114

Name of the Vulnerable Software and Affected Versions graphql-ruby versions 1.11.5 through 1.11.7 graphql-ruby versions 1.12.0 through 1.12.24 graphql-ruby versions 1.13.0 through 1.13.23 graphql-ruby versions 2.0.0 through 2.0.31 graphql-ruby versions 2.1.0 through 2.1.13 graphql-ruby versions...