apollo-router
crates.io
12 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting apollo-router
- CVE-2023-41317 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.29.1 | 2023-09-05
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the …
- CVE-2023-45812 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.33.0 | 2023-10-18
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Ro…
- CVE-2024-28101 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.40.2 | 2024-03-21
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads…
- CVE-2024-32971 | CRITICAL | CVSS 9.0 | EG 9.0 | ✓ Fixed in 1.45.1 | 2024-05-02
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operati…
- CVE-2024-43414 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.52.1 | 2024-08-27
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-pla…
- CVE-2024-43783 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.52.1 | 2024-08-27
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a de…
- CVE-2025-32032 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.1.1 | 2025-04-07
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragm…
- CVE-2025-32033 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.1.1 | 2025-04-07
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to tr…
- CVE-2025-32034 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.1.1 | 2025-04-07
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply ne…
- CVE-2025-32380 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.1.1 | 2025-04-09
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply ne…
- CVE-2025-64173 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.8.1 | 2025-11-06
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated …
- CVE-2025-64347 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.8.1 | 2025-11-07
Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with…