VYPR

Packagist (Composer) package

api-platform/graphql

pkg:composer/api-platform/graphql

Vulnerabilities (2)

  • CVE-2025-31485HigApr 3, 2025
    affected >= 4.0.0-alpha.1, < 4.0.22fixed 4.0.22

    API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method is meant to prevent the ca

  • CVE-2025-31481HigApr 3, 2025
    affected >= 4.0.0-alpha.1, < 4.0.22fixed 4.0.22

    API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.