@apollo/gateway (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @apollo/gateway, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2026-32621 — CVSS 9.9 (critical): Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and…
CVE-2024-43414 — CVSS 7.5 (high): Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph…
CVE-2025-32030 — CVSS 7.5 (high): Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a…
CVE-2025-32031 — CVSS 7.5 (high): Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a…