14 matches found
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the OverlappingFieldsCanBeMerged validation rule. An attacker can exhaust server resources and cause service disruption by submitting specially crafted GraphQL queries containing numerous neste...
CVE-2026-30854
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, type queries nested inside inline fragments e.g. ... on Query typename:"User" name bypa...
EUVD-2025-10284
Malicious code in bioql PyPI...
CVE-2025-32032
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,...
CVE-2025-32031
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
PT-2025-15296 · Apollo · Apollo Router Core
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: A vulnerability in the Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan...
apollo-rs 安全漏洞
apollo-rs is an Apollo GraphQL open source compliant GraphQL tool in Rust. A security vulnerability exists in versions of apollo-rs prior to 1.27.0 that stems from improper handling of deeply nested fragments, which could lead to a denial of service...
CVE-2022-31173 Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually...
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
GraphQL behaviour Nested fragment in GraphQL might be quite hard to handle depending on the implementation language. Some language support natively a max recursion depth. However, on most compiled languages, you should add a threshold of recursion. graphql Infinite loop example query ...a fragmen...
GHSA-4RX6-G5VG-5F3J Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
GraphQL behaviour Nested fragment in GraphQL might be quite hard to handle depending on the implementation language. Some language support natively a max recursion depth. However, on most compiled languages, you should add a threshold of recursion. graphql Infinite loop example query ...a fragmen...
GHSA-XQ3C-8GQM-V648 async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
Impact Executing deeply nested queries may cause stack overflow. Patches Upgrade to v4.0.6...
Denial of service on deeply nested fragment requests
Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...
Denial of service on deeply nested fragment requests
Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...