apollographql — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting apollographql. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35577 | Missing Host Header Validation in Apollo MCP Server for Localhost Deployments | apollo-mcp-server | CWE-346 | 6.8 | Medium | 2026-04-09 |
| CVE-2026-23897 | Apollo Server is vulnerable to denial of service with `startStandaloneServer` | apollo-server | CWE-1333 | 7.5 | High | 2026-02-04 |
| CVE-2025-64530 | @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields | federation | CWE-288 | 7.5 | High | 2025-11-13 |
| CVE-2025-64347 | Apollo Router Improperly Enforces Renamed Access Control Directives | router | CWE-284 | 7.5 | High | 2025-11-07 |
| CVE-2025-64173 | Apollo Router Core: Access Control Bypass on Polymorphic Types | router | CWE-288 | 7.5 | High | 2025-11-06 |
| CVE-2025-59845 | Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass | embeddable-explorer | CWE-346 | 8.2 | High | 2025-09-26 |
| CVE-2025-32380 | Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing | router | CWE-770 | 7.5 | High | 2025-04-09 |
| CVE-2025-32034 | Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion | router | CWE-770 | 7.5 | High | 2025-04-07 |
| CVE-2025-32033 | Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow | router | CWE-119 | 7.5 | High | 2025-04-07 |
| CVE-2025-32032 | Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass | router | CWE-770 | 7.5 | High | 2025-04-07 |
| CVE-2025-32031 | Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass | federation | CWE-770 | 7.5 | High | 2025-04-07 |
| CVE-2025-32030 | Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion | federation | CWE-770 | 7.5 | High | 2025-04-07 |
| CVE-2025-31496 | apollo-compiler Named Fragment Processing Vulnerability | apollo-rs | CWE-770 | 7.5 | High | 2025-04-07 |
| CVE-2024-43414 | Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries | federation | CWE-674 | 7.5 | High | 2024-08-27 |
| CVE-2024-43783 | Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies | router | CWE-770 | 7.5 | High | 2024-08-27 |
| CVE-2024-32971 | Defect in query plan cache may cause incorrect operations to be executed in Apollo Router | router | CWE-670 | 9.1 | Critical | 2024-05-02 |
| CVE-2024-28101 | Apollo Router's Compressed Payloads do not respect HTTP Payload Limits | router | CWE-409 | 7.5 | High | 2024-03-06 |
| CVE-2024-23841 | XSS in @apollo/experimental-nextjs-app-support | apollo-client-nextjs | CWE-80 | 8.2 | High | 2024-01-30 |
| CVE-2023-45812 | Improper Check or Handling of Exceptional Conditions in apollo-router | router | CWE-754 | 7.5 | High | 2023-10-18 |
| CVE-2023-41317 | Unnamed "Subscription" operation results in Denial-of-Service in apollographql/router | router | CWE-755 | 7.5 | High | 2023-09-05 |

This page lists every published CVE security advisory associated with apollographql. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.