Browse all 5 CVE security advisories affecting api-platform. AI-powered Chinese analysis, POCs, and references for each vulnerability.
API-platform serves as a development framework for building RESTful APIs, primarily used in enterprise applications. Historically, it has been susceptible to common vulnerabilities including remote code execution, cross-site scripting, and privilege escalation due to misconfigurations and input validation flaws. The platform's security posture has been impacted by several CVEs, with notable issues including authentication bypasses and insecure object references. While no major public security incidents have been widely documented, the consistent appearance of vulnerabilities in its CVE history indicates ongoing challenges in secure implementation. Organizations using this framework must prioritize proper configuration and regular security updates to mitigate potential risks.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-31485 | GraphQL grant on a property might be cached with different objects | core | CWE-696 | 7.5 | High | 2025-04-03 |
| CVE-2025-31481 | GraphQL query operations security can be bypassed | core | CWE-863 | 7.5 | High | 2025-04-03 |
| CVE-2023-47639 | API Platform Core can leak exceptions message that may contain sensitive information | core | CWE-209 | 5.3 | Medium | 2025-04-03 |
| CVE-2025-23204 | GraphQl securityAfterResolver not called | core | CWE-20 | 4.4 | Medium | 2025-03-24 |
| CVE-2023-25575 | Secured properties in API Platform Core may be accessible within collections | core | CWE-842 | 7.7 | High | 2023-02-28 |
This page lists every published CVE security advisory associated with api-platform. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.