VulnerableCode Vulnerability Details - VCID-a82x-uben-ufdz

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-a82x-uben-ufdz

Essentials
Severities (2)
References (3)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-a82x-uben-ufdz
Aliases	GHSA-qm7x-rc44-rrqw GMS-2021-33
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in apollo-server.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	HIGH	https://github.com/apollographql/apollo-server
generic_textual	HIGH	https://github.com/apollographql/apollo-server/security/advisories/GHSA-qm7x-rc44-rrqw

Reference id	Reference type	URL
		https://github.com/apollographql/apollo-server
GHSA-qm7x-rc44-rrqw		https://github.com/advisories/GHSA-qm7x-rc44-rrqw
GHSA-qm7x-rc44-rrqw		https://github.com/apollographql/apollo-server/security/advisories/GHSA-qm7x-rc44-rrqw

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:40:22.154419+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/apollo-server/GMS-2021-33.yml	38.6.0