Apollo-router

This hub aggregates every CVE we track for Apollo-router, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 12 most recently published vulnerabilities affecting Apollo-router.

• CVE-2025-64347Apollo Router Improperly Enforces Renamed Access Control Directives7.5Nov 7, 2025
• CVE-2025-64173Apollo Router Core: Access Control Bypass on Polymorphic Types7.5Nov 6, 2025
• CVE-2025-32380Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing7.5Apr 9, 2025
• CVE-2025-32034Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion7.5Apr 7, 2025
• CVE-2025-32033Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow7.5Apr 7, 2025
• CVE-2025-32032Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass7.5Apr 7, 2025
• CVE-2024-43414Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries7.5Aug 27, 2024
• CVE-2024-43783Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies7.5Aug 27, 2024
• CVE-2024-32971Defect in query plan cache may cause incorrect operations to be executed in Apollo Router9.0May 2, 2024
• CVE-2024-28101Apollo Router's Compressed Payloads do not respect HTTP Payload Limits7.5Mar 6, 2024
• CVE-2023-45812Improper Check or Handling of Exceptional Conditions in apollo-router7.5Oct 18, 2023
• CVE-2023-41317Unnamed "Subscription" operation results in Denial-of-Service in apollographql/router7.5Sep 5, 2023