[HIGH] GraphQL grant on a property might be cached with different objects

PKSA-gs8r-6kz6-pp56 CVE-2025-31485 GHSA-428q-q3vv-3fq3

Affected version: <3.4.17|>=4.0.0,<4.0.22|>=4.1.0,<4.1.5

Reported by:
FriendsOfPHP/security-advisories, GitHub

[HIGH] GraphQL query operations security can be bypassed

PKSA-gnn4-pxdg-q76m CVE-2025-31481 GHSA-cg3c-245w-728m

Affected version: <3.4.17|>=4.0.0,<4.0.22|>=4.1.0,<4.1.5

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] CVE-2019-1000011: Access control bypass in GraphQL mutations

PKSA-2j74-htpf-prz8 CVE-2019-1000011 GHSA-974j-wjxx-wggj

Affected version: >=2.2.0,<2.2.10|>=2.3.0,<2.3.6

Reported by:
FriendsOfPHP/security-advisories, GitHub