parse-community Latest High & Critical Vulnerabilities

Latest High & Critical vulnerabilities published by parse-community

JSON RSS CSV 🔔 Create Alert Trigger

1 July 2024

SQL Injection Vulnerability Affects Parse Server Prior to 6.5.7 and 7.1.0
CVE-2024-39309
Parse-communityParse-server9.8CRITICAL

19 March 2024

Security Advisory: Injection Vulnerability in Parse Server Prior to Versions 6.5.5 and 7.0.0-alpha.29
CVE-2024-29027
Parse-communityParse-server9.1CRITICAL

1 March 2024

SQL Injection Vulnerability in Parse Server for Node.js / Express
CVE-2024-27298
Parse-communityParse-server10CRITICAL

25 October 2023

Parse Server may crash when uploading file without extension
CVE-2023-46119
Parse-communityParse-server7.5HIGH

4 September 2023

Trigger `beforeFind` not invoked in internal query pipeline in parse-server
CVE-2023-41058
Parse-communityParse-server7.5HIGH

28 June 2023

Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
CVE-2023-36475
Parse-communityParse-server9.8CRITICAL

27 May 2023

Invalid push request payload crashes Parse Server
CVE-2023-32688
parse-communityparse-server-push-adapter7.5HIGH

3 February 2023

Parse Server is vulnerable to authentication bypass via spoofing
CVE-2023-22474
Parse-communityParse-server8.7HIGH

10 November 2022

24 October 2022

Parse Server crashes when receiving file download request with invalid byte range
CVE-2022-39313
Parse-communityParse-server7.5HIGH

7 September 2022

Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
CVE-2022-36079
Parse-communityParse-server8.6HIGH

30 June 2022

Protected fields exposed via LiveQuery in parse-server
CVE-2022-31112
Parse-communityParse-server8.2HIGH

27 June 2022

Invalid file request can crashe parse-server
CVE-2022-31089
Parse-communityParse-server7.5HIGH

17 June 2022

Authentication bypass in Parse Server Apple Game Center auth adapter
CVE-2022-31083
Parse-communityParse-server8.6HIGH

4 May 2022

Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
CVE-2022-24901
Parse-communityParse-server7.5HIGH

12 March 2022

Command Injection in Parse server
CVE-2022-24760
Parse-communityParse-server👾🟡EPSS 58%10CRITICAL

30 September 2021

LiveQuery publishes user session tokens
CVE-2021-41109
Parse-communityParse-server7.5HIGH

2 September 2021

Crash server with query parameter
CVE-2021-39187
Parse-communityParse-server7.5HIGH

30 December 2020

Parse Server stores password in plain text
CVE-2020-26288
Parse-communityParse-server7.7HIGH

4 March 2020

Information disclosure in parse-server
CVE-2020-5251
Parse-communityParse-server7.7HIGH