parse-community Parse Server Vulnerabilities
Parse-community Parse-server vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Vulnerability in Parse Server GraphQL API Exposes Schema Metadata
CVE-2025-53364Parse-communityParse-server5.3MEDIUMAuthentication Credential Vulnerability in Parse Server by Parse Community
CVE-2025-30168Parse-communityParse-server6.9MEDIUMSQL Injection Vulnerability Affects Parse Server Prior to 6.5.7 and 7.1.0
CVE-2024-39309Parse-communityParse-server9.8CRITICALSecurity Advisory: Injection Vulnerability in Parse Server Prior to Versions 6.5.5 and 7.0.0-alpha.29
CVE-2024-29027Parse-communityParse-server9.1CRITICALSQL Injection Vulnerability in Parse Server for Node.js / Express
CVE-2024-27298Parse-communityParse-server10CRITICALParse Server may crash when uploading file without extension
CVE-2023-46119Parse-communityParse-server7.5HIGHTrigger `beforeFind` not invoked in internal query pipeline in parse-server
CVE-2023-41058Parse-communityParse-server7.5HIGHParse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
CVE-2023-36475Parse-communityParse-server9.8CRITICALParse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
CVE-2023-32689parse-communityparse-server6.5MEDIUMParse Server is vulnerable to authentication bypass via spoofing
CVE-2023-22474Parse-communityParse-server8.7HIGHParse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser
CVE-2022-39396Parse-communityParse-serverEPSS 37%9.8CRITICALParse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers
CVE-2022-41878Parse-communityParse-server7.2HIGHParse Server subject to Prototype pollution via Cloud Code Webhooks
CVE-2022-41879Parse-communityParse-server7.2HIGHParse Server crashes when receiving file download request with invalid byte range
CVE-2022-39313Parse-communityParse-server7.5HIGHParse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented
CVE-2022-39231Parse-communityParse-server3.7LOWParse Server subject to Incorrect Resource Transfer Between Spheres
CVE-2022-39225Parse-communityParse-server4.3MEDIUMParse Server vulnerable to brute force guessing of user sensitive data via search patterns
CVE-2022-36079Parse-communityParse-server8.6HIGHProtected fields exposed via LiveQuery in parse-server
CVE-2022-31112Parse-communityParse-server8.2HIGHInvalid file request can crashe parse-server
CVE-2022-31089Parse-communityParse-server7.5HIGHAuthentication bypass in Parse Server Apple Game Center auth adapter
CVE-2022-31083Parse-communityParse-server8.6HIGHAuthentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
CVE-2022-24901Parse-communityParse-server7.5HIGHCommand Injection in Parse server
CVE-2022-24760Parse-communityParse-serverπΎπ‘EPSS 58%10CRITICALLiveQuery publishes user session tokens
CVE-2021-41109Parse-communityParse-server7.5HIGHCrash server with query parameter
CVE-2021-39187Parse-communityParse-server7.5HIGHNew anonymous user session acts as if it's created with password
CVE-2021-39138Parse-communityParse-server4.8MEDIUM