VulnerableCode Package Details - pkg:npm/apollo-server@2.14.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-a82x-uben-ufdz Aliases: GHSA-qm7x-rc44-rrqw GMS-2021-33	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in apollo-server.	2.25.3 Affected by 0 other vulnerabilities. 3.4.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-a82x-uben-ufdz
Aliases:
GHSA-qm7x-rc44-rrqw
GMS-2021-33

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in apollo-server.

2.25.3
Affected by 0 other vulnerabilities.

3.4.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-u2b9-99j7-rkbk	Introspection in schema validation in Apollo Server If `subscriptions: false` is passed to the `ApolloServer` constructor options, there is no impact. If implementors were not expecting validation rules to be enforced on the WebSocket subscriptions transport and are unconcerned about introspection being enabled on the WebSocket subscriptions transport (or were not expecting that), then this advisory is not applicable. If `introspection: true` is passed to the `ApolloServer` constructor options, the impact is limited to user-provided validation rules (i.e., using `validationRules`) since there would be no expectation that introspection was disabled.	GHSA-w42g-7vfc-xf37 GMS-2020-59 GMS-2020-60 GMS-2020-61 GMS-2020-62 GMS-2020-63 GMS-2020-64 GMS-2020-65 GMS-2020-66 GMS-2020-67 GMS-2020-68 GMS-2020-69 GMS-2020-70

Vulnerability

Summary

Aliases

VCID-u2b9-99j7-rkbk

Introspection in schema validation in Apollo Server If `subscriptions: false` is passed to the `ApolloServer` constructor options, there is no impact. If implementors were not expecting validation rules to be enforced on the WebSocket subscriptions transport **and** are unconcerned about introspection being enabled on the WebSocket subscriptions transport (or were not expecting that), then this advisory is not applicable. If `introspection: true` is passed to the `ApolloServer` constructor options, the impact is limited to user-provided validation rules (i.e., using `validationRules`) since there would be no expectation that introspection was disabled.

GHSA-w42g-7vfc-xf37
GMS-2020-59
GMS-2020-60
GMS-2020-61
GMS-2020-62
GMS-2020-63
GMS-2020-64
GMS-2020-65
GMS-2020-66
GMS-2020-67
GMS-2020-68
GMS-2020-69
GMS-2020-70

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T01:05:19.007910+00:00	GitLab Importer	Affected by	VCID-a82x-uben-ufdz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/apollo-server/GMS-2021-33.yml	38.6.0
2026-06-05T21:12:05.068373+00:00	GHSA Importer	Fixing	VCID-u2b9-99j7-rkbk	https://github.com/advisories/GHSA-w42g-7vfc-xf37	38.6.0
2026-06-04T17:24:38.446912+00:00	GithubOSV Importer	Fixing	VCID-u2b9-99j7-rkbk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-w42g-7vfc-xf37/GHSA-w42g-7vfc-xf37.json	38.6.0
2026-06-04T16:20:02.901908+00:00	GitLab Importer	Fixing	VCID-u2b9-99j7-rkbk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/apollo-server/GMS-2020-59.yml	38.6.0