crates.io package
apollo-router
pkg:cargo/apollo-router
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-64347 | Hig | 7.5 | < 1.61.12 | 1.61.12 | Nov 7, 2025 | Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives (@authenticate | |
| CVE-2025-64173 | Hig | 7.5 | < 1.61.12 | 1.61.12 | Nov 6, 2025 | Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required addi | |
| CVE-2025-32380 | Hig | 7.5 | < 1.61.2 | 1.61.2 | Apr 9, 2025 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be pro | |
| CVE-2025-32034 | Hig | 7.5 | < 1.61.2 | 1.61.2 | Apr 7, 2025 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be pro | |
| CVE-2025-32033 | Hig | 7.5 | < 1.61.2 | 1.61.2 | Apr 7, 2025 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's he | |
| CVE-2025-32032 | Hig | 7.5 | < 1.61.2 | 1.61.2 | Apr 7, 2025 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to que | |
| CVE-2024-43414 | — | < 1.52.1 | 1.52.1 | Aug 27, 2024 | Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a | ||
| CVE-2024-43783 | — | >= 1.7.0, < 1.52.1 | 1.52.1 | Aug 27, 2024 | The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of service vulnerability if _all_ of | ||
| CVE-2024-32971 | Cri | 9.0 | >= 1.44.0, < 1.45.1 | 1.45.1 | May 2, 2024 | Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in un | |
| CVE-2024-28101 | — | >= 0.9.5, < 1.40.2 | 1.40.2 | Mar 6, 2024 | The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluat | ||
| CVE-2023-45812 | — | >= 1.31.0, < 1.33.0 | 1.33.0 | Oct 18, 2023 | The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi- | ||
| CVE-2023-41317 | — | >= 1.28.0, < 1.29.1 | 1.29.1 | Sep 5, 2023 | The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQ |
- affected < 1.61.12fixed 1.61.12
Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives (@authenticate
- affected < 1.61.12fixed 1.61.12
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required addi
- affected < 1.61.2fixed 1.61.2
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be pro
- affected < 1.61.2fixed 1.61.2
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be pro
- affected < 1.61.2fixed 1.61.2
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's he
- affected < 1.61.2fixed 1.61.2
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to que
- CVE-2024-43414Aug 27, 2024affected < 1.52.1fixed 1.52.1
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a
- CVE-2024-43783Aug 27, 2024affected >= 1.7.0, < 1.52.1fixed 1.52.1
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of service vulnerability if _all_ of
- affected >= 1.44.0, < 1.45.1fixed 1.45.1
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in un
- CVE-2024-28101Mar 6, 2024affected >= 0.9.5, < 1.40.2fixed 1.40.2
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluat
- CVE-2023-45812Oct 18, 2023affected >= 1.31.0, < 1.33.0fixed 1.33.0
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-
- CVE-2023-41317Sep 5, 2023affected >= 1.28.0, < 1.29.1fixed 1.29.1
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQ