VYPR
Vendor: Apollographql
Products: 9
CVEs: 24 (across products: 24)
Status: Private

Recent CVEs (24)
  • CVE-2018-11241 | Critical | Sep 21, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.

  • CVE-2024-32971 | Critical | May 2, 2024
    risk 0.52 | cvss 9.0 | epss 0.01

    Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in…

  • CVE-2025-59845 | High | Sep 26, 2025
    risk 0.46 | cvss 8.2 | epss 0.00

    Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability…

  • CVE-2025-64530 | High | Nov 13, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls…

  • CVE-2025-64347 | High | Nov 7, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives…

  • CVE-2025-64173 | High | Nov 6, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required…

  • CVE-2025-32380 | High | Apr 9, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be…

  • CVE-2025-32034 | High | Apr 7, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be…

  • CVE-2025-32033 | High | Apr 7, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's…

  • CVE-2025-32032 | High | Apr 7, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to…

  • CVE-2025-31496 | High | Apr 7, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per…

  • CVE-2026-35577 | Medium | Apr 9, 2026
    risk 0.37 | cvss 6.8 | epss 0.00

    Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based…

  • CVE-2024-54147 | Medium | Dec 9, 2024
    risk 0.37 | cvss 6.8 | epss 0.00

    Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (eg. public wifi, malicious DNS servers)…

  • CVE-2026-23897 | Feb 4, 2026
    risk 0.00 | cvss not listed | epss 0.01

    Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from…

  • CVE-2025-32031 | Apr 7, 2025
    risk 0.00 | cvss not listed | epss 0.01

    Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,…

  • CVE-2025-32030 | Apr 7, 2025
    risk 0.00 | cvss not listed | epss 0.00

    Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,…

  • CVE-2024-43414 | Aug 27, 2024
    risk 0.00 | cvss not listed | epss 0.01

    Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by…

  • CVE-2024-43783 | Aug 27, 2024
    risk 0.00 | cvss not listed | epss 0.01

    The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of service vulnerability if _all_…

  • CVE-2024-28101 | Mar 6, 2024
    risk 0.00 | cvss not listed | epss 0.01

    The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router…

  • CVE-2024-23841 | Jan 30, 2024
    risk 0.00 | cvss not listed | epss 0.00

    apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input…