npm/@apollo/gateway — 4 CVEs

CRITICAL9.9CVE-2026-32621Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

from 0, < 2.9.6

HIGH7.5CVE-2025-32031Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

from 0, < 2.10.1

HIGH7.5CVE-2025-32030Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

from 0, < 2.10.1

HIGH7.5Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries

>= 2.0.0, < 2.8.5

pkg:npm/@apollo/gateway