Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2025-31481
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.
| Software | From | Fixed in |
|---|---|---|
api-platform / graphql
|
4.0.0-alpha.1 | 4.0.22 |
|
api-platform / core
|
4.0.0-alpha.1 | 4.0.22 |
|
api-platform / graphql
|
- | 3.4.17 |
|
api-platform / core
|
- | 3.4.17 |
|
api-platform / graphql
|
4.1.0-alpha.1 | 4.1.5 |
|
api-platform / core
|
4.1.0-alpha.1 | 4.1.5 |
- https://github.com/api-platform/core/commit/55712452b4f630978537bdb2a07dc958202336bb
- https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568
- https://github.com/api-platform/core/releases/tag/v3.4.17
- https://github.com/api-platform/core/releases/tag/v4.1.5
- https://github.com/api-platform/core/security/advisories/GHSA-cg3c-245w-728m
- https://github.com/FriendsOfPHP/security-advisories/blob/master/api-platform/core/CVE-2025-31481.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/api-platform/graphql/CVE-2025-31481.yaml
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime