`@apollo/server`

Ecosystem:
npm

Package URL:
pkg:npm/@apollo/server

Total PRs:
385 Dependabot PRs

Latest PR:
15 days ago

Unique Repositories:
162 repositories

Unique Repos (30 days):
10 repositories

Security Advisories

Apollo Serve vulnerable to Denial of Service with `startStandaloneServer`

GHSA-mp6q-xf9x-fwf7 CVE-2026-23897 HIGH published 4 months ago • updated 10 days ago

### Impact The default configuration of `startStandaloneServer` from `@apollo/server/standalone` is vulnerable to Denial of Service (DoS) attacks ...

Prevent logging invalid header values

GHSA-j5g3-5c8r-7qfx LOW published almost 3 years ago • updated 1 day ago

## Impact ### What kind of vulnerability is it? Apollo Server can log sensitive information (Studio API keys) if they are passed incorrectly (with ...

@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces

GHSA-68jh-rf6x-836f LOW published about 3 years ago • updated about 1 month ago

### Context Content Security Policies (CSP) are a defense-in-depth strategy against XSS attacks. Improper application of CSP isn't itself a vulnera...

Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention

GHSA-9q82-xgwf-vj6h MODERATE published 3 months ago • updated 17 days ago

# Impact In a Cross-Site Request Forgery attack, untrusted web content causes browsers to send authenticated requests to web servers which use coo...

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 1 comment

chore(deps): bump the patch group across 2 directories with 9 updates

labd/node-federated-token #141

4.11.0 → 4.12.1 Minor PR

Open about 1 year ago 2 comments

build(deps): bump the production-dependencies group across 1 directory with 3 updates

aevrspace/wallet-api #18

4.12.0 → 4.12.1 Patch PR

Closed about 1 year ago 1 comment

Bump the app group across 1 directory with 31 updates

Magiscribe/Magiscribe-API #254

4.11.3 → 4.12.1 Minor PR

Closed about 1 year ago 1 comment

build(deps): bump @apollo/server from 4.12.0 to 4.12.1

5e-bits/5e-srd-api #774

4.12.0 → 4.12.1 Patch PR

Merged about 1 year ago

feat(deps): bump the all-deps group with 51 updates

VilnaCRM-Org/website #184

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago

Bump @apollo/server from 4.11.3 to 4.12.1

ryotafunaki/tech-survs-graphql #71

4.11.3 → 4.12.1 Minor PR

Open about 1 year ago

build(deps): bump the production-dependencies group with 2 updates

aevrspace/wallet-api #17

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 1 comment

Bump the minor-and-patch group in /backend with 2 updates

ky1ejs/eleat #85

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 1 comment

Bump the app group across 1 directory with 32 updates

Magiscribe/Magiscribe-API #253

4.11.3 → 4.12.1 Minor PR

Open about 1 year ago 1 comment

Bump @apollo/server from 4.12.0 to 4.12.1

FrancoStino/F1-GraphQL #14

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 3 comments

Bump the minor-and-patch group in /backend with 3 updates

ky1ejs/cut #253

4.12.0 → 4.12.1 Patch PR

Merged about 1 year ago 1 comment

build(deps-dev): bump @apollo/server from 4.12.0 to 4.12.1 in the graphql group across 1 directory

Papooch/nestjs-cls #309

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago

build(deps): bump @apollo/server from 4.12.0 to 4.12.1 in /server

SrijaAdhya12/expense-trackerQL #273

4.12.0 → 4.12.1 Patch PR

Merged about 1 year ago 1 comment

chore(deps): bump the production-dependencies group across 1 directory with 5 updates

miracleonyenma/express-ts-graphql-starter #12

4.12.0 → 4.12.1 Patch PR

Closed about 1 year ago 2 comments

chore(deps): bump @apollo/server from 4.12.0 to 4.12.1

g59/nestjs-plugins #1959

4.12.0 → 4.12.1 Patch PR

Merged about 1 year ago

deps(example): Bump the dependencies group across 1 directory with 8 updates

arcjet/arcjet-js #4185

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 3 comments

⬆️ Bump @apollo/server from 4.12.0 to 4.12.1

keiffff/ts-graphql-server-base #158

4.12.0 → 4.12.1 Patch PR

Closed about 1 year ago 1 comment

chore(deps-dev): bump @apollo/server from 4.12.0 to 4.12.1 in the apollo group

elastic/apm-agent-nodejs #4615

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 2 comments

libms-npm: bump @apollo/server from 4.11.0 to 4.12.1 in /servers/lib

INTO-CPS-Association/DTaaS #1247

4.11.0 → 4.12.1 Minor PR

Open about 1 year ago 4 comments

Bump @apollo/server from 4.12.0 to 4.12.1

lpgera/dirigera-web #1981

4.12.0 → 4.12.1 Patch PR

Merged about 1 year ago

Bump @apollo/server from 4.12.0 to 4.12.1

seerviashish/psl #1021

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 1 comment

Bump @apollo/server from 4.11.2 to 4.12.1

emmaworley/karafriends #1475

4.11.2 → 4.12.1 Minor PR

Closed about 1 year ago 1 comment

Bump @apollo/server from 4.12.0 to 4.12.1

lpgera/cookbook #1491

4.12.0 → 4.12.1 Patch PR

Merged about 1 year ago

deps(example): Bump the dependencies group across 1 directory with 6 updates

arcjet/arcjet-js #4166

4.12.0 → 4.12.1 Patch PR

Closed about 1 year ago 3 comments

build(deps): bump @apollo/server from 4.11.3 to 4.12.1

ffalt/jamserve #1793

4.11.3 → 4.12.1 Minor PR

Merged about 1 year ago

chore(deps-dev): bump @apollo/server from 4.12.0 to 4.12.1

micalevisk/nest #1435

4.12.0 → 4.12.1 Patch PR

Closed about 1 year ago

chore(deps-dev): bump @apollo/server from 4.12.0 to 4.12.1

nestjs/nest #15139

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 1 comment

Bump @apollo/server from 4.11.3 to 4.12.1

sarvex/full-stack-ts #805

4.11.3 → 4.12.1 Minor PR

Open about 1 year ago 2 comments

chore(deps): bump @apollo/server from 4.12.0 to 4.12.1 in /server

warmachine028/graph-ql-server #127

4.12.0 → 4.12.1 Patch PR

Merged about 1 year ago

build(deps): bump @apollo/server from 4.12.0 to 4.12.1 in /src

warmachine028/learning-GraphQL #78

4.12.0 → 4.12.1 Patch PR

Open about 1 year ago 1 comment

Bump @apollo/server from 4.12.0 to 4.12.1

frantisekpetko/next-nestjs-zoo-admin #678

4.12.0 → 4.12.1 Patch PR

Merged about 1 year ago

chore(deps): bump the npm_and_yarn group across 1 directory with 38 updates

robertlansing/Cromwell #1

4.5.0 → 4.9.3 Minor PR

Open about 1 year ago

Bump the app group across 1 directory with 30 updates

Magiscribe/Magiscribe-API #252

4.11.3 → 4.12.0 Minor PR

Open about 1 year ago 1 comment

Bump the app group across 1 directory with 26 updates

Magiscribe/Magiscribe-API #251

4.11.3 → 4.12.0 Minor PR

Open about 1 year ago 1 comment

build(deps): bump the node-deps group across 1 directory with 28 updates

rajatgupta24/taskcluster #352

4.11.3 → 4.12.0 Minor PR

Closed about 1 year ago 1 comment

Bump @apollo/server from 4.11.2 to 4.12.0

connorworley/karafriends #1392

4.11.2 → 4.12.0 Minor PR

Closed about 1 year ago 1 comment

libms-npm: bump @apollo/server from 4.11.0 to 4.12.0 in /servers/lib

INTO-CPS-Association/DTaaS #1222

4.11.0 → 4.12.0 Minor PR

Closed about 1 year ago 3 comments

Bump the npm_and_yarn group across 1 directory with 23 updates

offsoc/RedEye #8

4.7.5 → 4.9.3 Minor PR

Closed about 1 year ago 1 comment

build(deps): bump @apollo/server from 4.11.3 to 4.12.0

ffalt/jamserve #1775

4.11.3 → 4.12.0 Minor PR

Closed about 1 year ago 1 comment

chore(deps): bump the patch group across 1 directory with 9 updates

labd/node-federated-token #130

4.11.0 → 4.12.0 Minor PR

Closed about 1 year ago 1 comment

Bump @apollo/server from 4.11.3 to 4.12.0

sarvex/full-stack-ts #767

4.11.3 → 4.12.0 Minor PR

Closed about 1 year ago 2 comments

Bump @apollo/server from 4.11.3 to 4.12.0

ryotafunaki/tech-survs-graphql #55

4.11.3 → 4.12.0 Minor PR

Closed about 1 year ago 1 comment

chore(deps): bump @apollo/server from 4.4.1 to 4.9.3 in /sample/32-graphql-federation-schema-first/gateway

sumonst21/nest #1

4.4.1 → 4.9.3 Minor PR

Closed almost 3 years ago 1 comment

chore(deps): bump @apollo/server from 4.7.3 to 4.9.3

mambax7/vue-apollo #4

4.7.3 → 4.9.3 Minor PR

Merged almost 3 years ago

chore(deps-dev): bump @apollo/server from 4.7.5 to 4.9.3 in /proxies/events-graphql-proxy

City-of-Helsinki/events-helsinki-monorepo #441

4.7.5 → 4.9.3 Minor PR

Closed almost 3 years ago 1 comment

chore(deps): bump @apollo/server from 4.7.5 to 4.9.3 in /packages/graphql-proxy-server

City-of-Helsinki/events-helsinki-monorepo #439

4.7.5 → 4.9.3 Minor PR

Closed almost 3 years ago 1 comment

chore(deps): bump @apollo/server from 4.5.0 to 4.7.4 in /sample/12-graphql-schema-first

sarvex/nest #10

4.5.0 → 4.7.4 Minor PR

Closed about 3 years ago 2 comments

chore(deps): bump @apollo/server from 4.5.0 to 4.7.4 in /sample/31-graphql-federation-code-first/users-application

sarvex/nest #11

4.5.0 → 4.7.4 Minor PR

Closed about 3 years ago 2 comments

Package Details

Name:	`@apollo/server`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/@apollo/server`
JSON API:	View JSON

Security Advisories

5

Active advisories

HIGH 1

MODERATE 2

LOW 2

View All npm Advisories

Package Information

Description:

Core engine for Apollo GraphQL server

Repository:	https://github.com/apollographql/apollo-server
Homepage:	https://github.com/apollographql/apollo-server#readme
Latest Release:	`4.12.2` about 1 year ago
Dependent Repos:	5,993
Dependent Packages:	392
Downloads:	5,424,182
Ranking:	Top 0.3029% by dependent repos Top 0.1646% by downloads Top 0.1585% by dependent pkgs

PR Status

Open 188 (48.8%)

Merged 28 (7.3%)

Closed 133 (34.5%)

PR Types

Major 136 (35.3%)

Minor 150 (39.0%)

Patch 63 (16.4%)

@apollo/server

Security Advisories

Apollo Serve vulnerable to Denial of Service with `startStandaloneServer`

Prevent logging invalid header values

@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces

Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention

Batched HTTP requests may set incorrect `cache-control` response header

Recent PRs

Package Details

Security Advisories

5

Package Information

PR Status

PR Types

`@apollo/server`