api-platform/core Security Advisories for v2.7.0-beta.1 (3)
-
[HIGH] GraphQL grant on a property might be cached with different objects
PKSA-gs8r-6kz6-pp56 CVE-2025-31485 GHSA-428q-q3vv-3fq3
Affected version: <4.0.22
Reported by:
GitHub -
[HIGH] GraphQL query operations security can be bypassed
PKSA-gnn4-pxdg-q76m CVE-2025-31481 GHSA-cg3c-245w-728m
Affected version: <4.0.22
Reported by:
GitHub -
[HIGH] CVE-2023-25575: Secured properties may be accessible within collections
PKSA-dsd6-6541-26zs CVE-2023-25575 GHSA-vr2x-7687-h6qv
Affected version: >=2.6.0,<2.7.10|>=3.0.0,<3.0.12|>=3.1.0,<3.1.3
Reported by:
FriendsOfPHP/security-advisories, GitHub