parse-community Summary
Latest vulnerabilities published by parse-community
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Remote Code Execution Vulnerability in Parse JavaScript SDK by Parse Community
CVE-2025-62374Parse-communityParse-sdk-js6.4MEDIUMVulnerability in Parse Server GraphQL API Exposes Schema Metadata
CVE-2025-53364Parse-communityParse-server5.3MEDIUMAuthentication Credential Vulnerability in Parse Server by Parse Community
CVE-2025-30168Parse-communityParse-server6.9MEDIUMSQL Injection Vulnerability Affects Parse Server Prior to 6.5.7 and 7.1.0
CVE-2024-39309Parse-communityParse-server9.8CRITICALSecurity Advisory: Injection Vulnerability in Parse Server Prior to Versions 6.5.5 and 7.0.0-alpha.29
CVE-2024-29027Parse-communityParse-server9.1CRITICALSQL Injection Vulnerability in Parse Server for Node.js / Express
CVE-2024-27298Parse-communityParse-server10CRITICALParse Server may crash when uploading file without extension
CVE-2023-46119Parse-communityParse-server7.5HIGHTrigger `beforeFind` not invoked in internal query pipeline in parse-server
CVE-2023-41058Parse-communityParse-server7.5HIGHParse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
CVE-2023-36475Parse-communityParse-server9.8CRITICALParse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
CVE-2023-32689parse-communityparse-server6.5MEDIUMInvalid push request payload crashes Parse Server
CVE-2023-32688parse-communityparse-server-push-adapter7.5HIGHParse Server is vulnerable to authentication bypass via spoofing
CVE-2023-22474Parse-communityParse-server8.7HIGHParse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser
CVE-2022-39396Parse-communityParse-serverEPSS 37%9.8CRITICALParse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers
CVE-2022-41878Parse-communityParse-server7.2HIGHParse Server subject to Prototype pollution via Cloud Code Webhooks
CVE-2022-41879Parse-communityParse-server7.2HIGHParse Server crashes when receiving file download request with invalid byte range
CVE-2022-39313Parse-communityParse-server7.5HIGHParse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented
CVE-2022-39231Parse-communityParse-server3.7LOWParse Server subject to Incorrect Resource Transfer Between Spheres
CVE-2022-39225Parse-communityParse-server4.3MEDIUMParse Server vulnerable to brute force guessing of user sensitive data via search patterns
CVE-2022-36079Parse-communityParse-server8.6HIGHProtected fields exposed via LiveQuery in parse-server
CVE-2022-31112Parse-communityParse-server8.2HIGHInvalid file request can crashe parse-server
CVE-2022-31089Parse-communityParse-server7.5HIGHAuthentication bypass in Parse Server Apple Game Center auth adapter
CVE-2022-31083Parse-communityParse-server8.6HIGHAuthentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
CVE-2022-24901Parse-communityParse-server7.5HIGHCommand Injection in Parse server
CVE-2022-24760Parse-communityParse-serverπΎπ‘EPSS 58%10CRITICALLiveQuery publishes user session tokens
CVE-2021-41109Parse-communityParse-server7.5HIGH