@apollo/server Security Advisories - Npm

@apollo/server

npm

Core engine for Apollo GraphQL server

View on github.com · View on npmjs.org

Security Advisories for @apollo/server in npm

Moderate

2 months ago

Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention GSA_kwCzR0hTQS05cTgyLXhnd2Ytdmo2aM4ABUWT

npm apollo-server-core, @apollo/server

High

4 months ago

Apollo Serve vulnerable to Denial of Service with `startStandaloneServer` GSA_kwCzR0hTQS1tcDZxLXhmOXgtZndmN84ABR7w

npm @apollo/server, apollo-server

Low

over 2 years ago

Prevent logging invalid header values GSA_kwCzR0hTQS1qNWczLTVjOHItN3FmeM4AA1lN

npm apollo-server-core, @apollo/server

Low

almost 3 years ago

@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces GSA_kwCzR0hTQS02OGpoLXJmNngtODM2Zs4AAz6F

npm @apollo/server

Moderate

over 3 years ago

Batched HTTP requests may set incorrect `cache-control` response header GSA_kwCzR0hTQS04cjY5LTNjdnAtd3hjM84AAvrB

npm @apollo/server, apollo-server-core

Potential

Moderate

over 3 years ago

The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations GSA_kwCzR0hTQS0ycDNjLXAzcXctNjlyNM4AAvS5

npm apollo-server

Potential

Moderate

almost 4 years ago

apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page GSA_kwCzR0hTQS0yZnZ2LXF4cnEtN2pxNs4AAuFi

npm apollo-server-core

Potential

High

over 4 years ago

Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) GSA_kwCzR0hTQS1xbTd4LXJjNDQtcnJxd80W7A

npm apollo-server

Potential

Moderate

almost 6 years ago

Introspection in schema validation in Apollo Server MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0MmctN3ZmYy14ZjM3

npm apollo-server-micro, apollo-server-lambda, apollo-server-koa, apollo-server-hapi, apollo-server-fastify, apollo-server-express, apollo-server-cloudflare, apollo-server-cloud-functions, apollo-server-core, apollo-server-cache-memcached, apollo-server-azure-functions, apollo-server

Potential

High

almost 7 years ago

Prototype Pollution in @apollo/gateway MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3ItNzd4Yy04ZzZy

npm @apollo/gateway

Filter by Severity

Moderate 5 High 3 Low 2

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

@apollo/server

Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention GSA_kwCzR0hTQS05cTgyLXhnd2Ytdmo2aM4ABUWT

Apollo Serve vulnerable to Denial of Service with `startStandaloneServer` GSA_kwCzR0hTQS1tcDZxLXhmOXgtZndmN84ABR7w

Prevent logging invalid header values GSA_kwCzR0hTQS1qNWczLTVjOHItN3FmeM4AA1lN

@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces GSA_kwCzR0hTQS02OGpoLXJmNngtODM2Zs4AAz6F

Batched HTTP requests may set incorrect `cache-control` response header GSA_kwCzR0hTQS04cjY5LTNjdnAtd3hjM84AAvrB

The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations GSA_kwCzR0hTQS0ycDNjLXAzcXctNjlyNM4AAvS5

apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page GSA_kwCzR0hTQS0yZnZ2LXF4cnEtN2pxNs4AAuFi

Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) GSA_kwCzR0hTQS1xbTd4LXJjNDQtcnJxd80W7A

Introspection in schema validation in Apollo Server MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0MmctN3ZmYy14ZjM3

Prototype Pollution in @apollo/gateway MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3ItNzd4Yy04ZzZy

Filter by Severity