type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.
Upgrade to version 0.17.6 or later.
publishedAdvisory PublishedDec 23rd, 2019
reportedReported by Bernard McManusDec 23rd, 2019