Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40apollo/composition@2.0.0-preview.1
Type npm
Namespace @apollo
Name composition
Version 2.0.0-preview.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.9.5
Latest_non_vulnerable_version 2.12.1
Affected_by_vulnerabilities
0
url VCID-egqn-q2x7-ubcn
vulnerability_id VCID-egqn-q2x7-ubcn
summary
Apollo Federation has Improper Enforcement of Access Control on Transitive Fields
A vulnerability in Apollo Federation's composition logic did not enforce that fields depending on protected data through `@requires` and/or `@fromContext` directives have the same access control requirements as the fields they reference. This allowed queries to access protected fields indirectly through their dependencies, bypassing access control checks. A fix to composition logic in Federation now enforces that dependent fields match the access control requirements of the fields they reference.
references
0
reference_url https://github.com/apollographql/federation
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation
1
reference_url https://github.com/apollographql/federation/commit/09e596e6a0c753071ca822e84f525d73ada395cf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation/commit/09e596e6a0c753071ca822e84f525d73ada395cf
2
reference_url https://github.com/apollographql/federation/commit/0d8fca1c8cc375bb8486f11f339984b69267417d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation/commit/0d8fca1c8cc375bb8486f11f339984b69267417d
3
reference_url https://github.com/apollographql/federation/commit/20c75d1d60a48fc289d88c8d29652f1afc7553e4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation/commit/20c75d1d60a48fc289d88c8d29652f1afc7553e4
4
reference_url https://github.com/apollographql/federation/commit/e1c58611c3c996b4fff98a54e49f00549ff2115d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation/commit/e1c58611c3c996b4fff98a54e49f00549ff2115d
5
reference_url https://github.com/advisories/GHSA-m8jr-fxqx-8xx6
reference_id GHSA-m8jr-fxqx-8xx6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8jr-fxqx-8xx6
6
reference_url https://github.com/apollographql/federation/security/advisories/GHSA-m8jr-fxqx-8xx6
reference_id GHSA-m8jr-fxqx-8xx6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation/security/advisories/GHSA-m8jr-fxqx-8xx6
fixed_packages
0
url pkg:npm/%40apollo/composition@2.9.5
purl pkg:npm/%40apollo/composition@2.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.9.5
1
url pkg:npm/%40apollo/composition@2.10.4
purl pkg:npm/%40apollo/composition@2.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.10.4
2
url pkg:npm/%40apollo/composition@2.11.5
purl pkg:npm/%40apollo/composition@2.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.11.5
3
url pkg:npm/%40apollo/composition@2.12.1
purl pkg:npm/%40apollo/composition@2.12.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.12.1
aliases GHSA-m8jr-fxqx-8xx6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egqn-q2x7-ubcn
1
url VCID-yccb-7ew1-fbct
vulnerability_id VCID-yccb-7ew1-fbct
summary
@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead querying the implementing object types/fields in Apollo Router via inline or named fragments. A fix to composition logic in Federation now disallows interface types and fields from containing user-defined access control directives.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64530
reference_id
reference_type
scores
0
value 0.00139
scoring_system epss
scoring_elements 0.33755
published_at 2026-06-08T12:55:00Z
1
value 0.00139
scoring_system epss
scoring_elements 0.33788
published_at 2026-06-07T12:55:00Z
2
value 0.00139
scoring_system epss
scoring_elements 0.33822
published_at 2026-06-06T12:55:00Z
3
value 0.00139
scoring_system epss
scoring_elements 0.33806
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64530
1
reference_url https://github.com/apollographql/federation
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation
2
reference_url https://github.com/apollographql/federation/pull/3340
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation/pull/3340
3
reference_url https://github.com/apollographql/federation/pull/3341
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation/pull/3341
4
reference_url https://github.com/apollographql/federation/pull/3343
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apollographql/federation/pull/3343
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64530
reference_id CVE-2025-64530
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64530
6
reference_url https://github.com/advisories/GHSA-mx7m-j9xf-62hw
reference_id GHSA-mx7m-j9xf-62hw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mx7m-j9xf-62hw
7
reference_url https://github.com/apollographql/federation/security/advisories/GHSA-mx7m-j9xf-62hw
reference_id GHSA-mx7m-j9xf-62hw
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T15:57:29Z/
url https://github.com/apollographql/federation/security/advisories/GHSA-mx7m-j9xf-62hw
fixed_packages
0
url pkg:npm/%40apollo/composition@2.9.5
purl pkg:npm/%40apollo/composition@2.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.9.5
1
url pkg:npm/%40apollo/composition@2.10.4
purl pkg:npm/%40apollo/composition@2.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.10.4
2
url pkg:npm/%40apollo/composition@2.11.5
purl pkg:npm/%40apollo/composition@2.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.11.5
3
url pkg:npm/%40apollo/composition@2.12.1
purl pkg:npm/%40apollo/composition@2.12.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.12.1
aliases CVE-2025-64530, GHSA-mx7m-j9xf-62hw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yccb-7ew1-fbct
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540apollo/composition@2.0.0-preview.1