diff --git a/api-platform/core/CVE-2025-31481.yaml b/api-platform/core/CVE-2025-31481.yaml
new file mode 100644
index 000000000..36c05a935
--- /dev/null
+++ b/api-platform/core/CVE-2025-31481.yaml
@@ -0,0 +1,14 @@
+title: "GraphQL query operations security can be bypassed"
+link: https://github.com/advisories/GHSA-cg3c-245w-728m
+cve: CVE-2025-31481
+branches:
+ '3.4':
+ time: 2025-04-03 15:02:00
+ versions: ['<3.4.17']
+ '4.0':
+ time: 2025-04-03 15:02:00
+ versions: ['>=4.0.0', '<4.0.22']
+ '4.1':
+ time: 2025-04-03 15:03:00
+ versions: ['>=4.1.0', '<4.1.5']
+reference: composer://api-platform/core
diff --git a/api-platform/core/CVE-2025-31485.yaml b/api-platform/core/CVE-2025-31485.yaml
new file mode 100644
index 000000000..b11f78bbe
--- /dev/null
+++ b/api-platform/core/CVE-2025-31485.yaml
@@ -0,0 +1,14 @@
+title: "GraphQL grant on a property might be cached with different objects"
+link: https://github.com/api-platform/core/security/advisories/GHSA-428q-q3vv-3fq3
+cve: CVE-2025-31485
+branches:
+ '3.4':
+ time: 2025-04-03 15:03:00
+ versions: ['<3.4.17']
+ '4.0':
+ time: 2025-04-03 15:03:00
+ versions: ['>=4.0.0', '<4.0.22']
+ '4.1':
+ time: 2025-04-03 15:03:00
+ versions: ['>=4.1.0', '<4.1.5']
+reference: composer://api-platform/core
diff --git a/api-platform/graphql/CVE-2025-31481.yaml b/api-platform/graphql/CVE-2025-31481.yaml
new file mode 100644
index 000000000..7feecb403
--- /dev/null
+++ b/api-platform/graphql/CVE-2025-31481.yaml
@@ -0,0 +1,14 @@
+title: "GraphQL query operations security can be bypassed"
+link: https://github.com/advisories/GHSA-cg3c-245w-728m
+cve: CVE-2025-31481
+branches:
+ '3.4':
+ time: 2025-04-03 15:02:00
+ versions: ['<3.4.17']
+ '4.0':
+ time: 2025-04-03 15:02:00
+ versions: ['>=4.0.0', '<4.0.22']
+ '4.1':
+ time: 2025-04-03 15:03:00
+ versions: ['>=4.1.0', '<4.1.5']
+reference: composer://api-platform/graphql
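Review bot: The `'3.4'` branch in api-platform/core/CVE-2025-31481.yaml is constrained only by `versions: ['<3.4.17']`, with no lower bound, so a consumer matching installed versions against this entry will presumably flag every release below 3.4.17, including lines older than 3.4. If the advisory lists all earlier releases as affected that is correct, and a comment such as `# no lower bound: every release before 3.4.17 is affected` above the constraint would record the intent; if it does not, add the lower bound the advisory gives. The same open-ended constraint appears in core/CVE-2025-31485.yaml and in both api-platform/graphql files. Separately, the two CVE-2025-31481 files link to the global `github.com/advisories/` page while the two CVE-2025-31485 files link to the repository advisory under `api-platform/core/security/advisories/`; using one form across all four entries would keep them consistent.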
diff --git a/api-platform/graphql/CVE-2025-31485.yaml b/api-platform/graphql/CVE-2025-31485.yaml
new file mode 100644
index 000000000..017d7623b
--- /dev/null
+++ b/api-platform/graphql/CVE-2025-31485.yaml
@@ -0,0 +1,14 @@
+title: "GraphQL grant on a property might be cached with different objects"
+link: https://github.com/api-platform/core/security/advisories/GHSA-428q-q3vv-3fq3
+cve: CVE-2025-31485
+branches:
+ '3.4':
+ time: 2025-04-03 15:03:00
+ versions: ['<3.4.17']
+ '4.0':
+ time: 2025-04-03 15:03:00
+ versions: ['>=4.0.0', '<4.0.22']
+ '4.1':
+ time: 2025-04-03 15:03:00
+ versions: ['>=4.1.0', '<4.1.5']
+reference: composer://api-platform/graphql