Search for packages
| purl | pkg:composer/api-platform/graphql@3.3.15 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ezka-28sk-rbaz
Aliases: CVE-2025-31481 GHSA-cg3c-245w-728m |
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-h6xs-dtvv-mffa
Aliases: CVE-2025-31485 GHSA-428q-q3vv-3fq3 |
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method is meant to prevent the caching but the parent::normalize method that is called afterwards still creates the cache key and causes the issue. This vulnerability is fixed in 4.0.22 and 3.4.17. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T19:58:11.335373+00:00 | GitLab Importer | Affected by | VCID-h6xs-dtvv-mffa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/api-platform/graphql/CVE-2025-31485.yml | 38.6.0 |
| 2026-06-12T19:58:06.474171+00:00 | GitLab Importer | Affected by | VCID-ezka-28sk-rbaz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/api-platform/graphql/CVE-2025-31481.yml | 38.6.0 |