32 matches found
CVE-2026-6575 PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array
Buffer over-read in PostgreSQL function pg_restore_attribute_stats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...
Astra Linux - vulnerability in postgresql-11
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
MongoDB Server -- Multiple vulnerabilities
https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. https://jira.mongodb.org/browse/SERVER-102364 reports: MongoDB Server may experience an out-of-memory failure while evaluating...
EUVD-2019-2172
Malware in sbrugna...
EUVD-2025-10287
Malicious code in bioql PyPI...
EUVD-2025-10284
Malicious code in bioql PyPI...
EUVD-2025-10286
Malicious code in bioql PyPI...
EUVD-2025-10283
Malicious code in bioql PyPI...
Denial Of Service (DoS)
@apollo/gateway is vulnerable to Denial of Service (DoS). The vulnerability is caused by inefficient query planning: internal optimizations are bypassed when processing deeply nested and reused named fragments...
CVE-2025-32032
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,...
CVE-2025-32034
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-32031
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
CVE-2025-32034 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-32034
The CVE-2025-32034 vulnerability affects Apollo Router Core (Rust) prior to versions 1.61.2 and 2.1.1. It stems from how named fragments are expanded during query planning, causing exponential resource usage when deeply nested/reused fragments are present, potentially leading to denial of service...
CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...
GHSA-Q2F9-X4P4-7XMH Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Impact. Summary: A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details: Named fragment...
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Impact. Summary: A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details: Named fragment...