VYPR

npm package

@apollo/gateway

pkg:npm/%40apollo/gateway

Vulnerabilities (4)

  • CVE-2026-32621CriMar 16, 2026
    affected < 2.9.6fixed 2.9.6

    Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A m

  • CVE-2025-32031Apr 7, 2025
    affected < 2.10.1fixed 2.10.1

    Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specificall

  • CVE-2025-32030Apr 7, 2025
    affected < 2.10.1fixed 2.10.1

    Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specificall

  • CVE-2024-43414Aug 27, 2024
    affected >= 2.0.0, < 2.8.5fixed 2.8.5

    Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a