Supply Chain Vulnerability in Parse Server by Parse Community
CVE-2021-47986
7.7 HIGH
What is CVE-2021-47986?
Parse Server prior to version 4.10.0 suffers from a supply chain vulnerability due to erroneous version tags being pushed to the repository. These tags link to unreviewed code hosted in a personal fork, which could allow attackers to exploit the vulnerability by using specified version tags in their dependency declarations. This exploitation may lead to the execution of unreviewed and potentially malicious code, posing a significant risk to affected applications.
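One way to audit a project for the dependency declarations described above, as an added example that is not code from the Parse Server project or from this advisory: it flags `parse-server` entries in a parsed `package.json` that npm would fetch from a git ref (tag, branch or commit) instead of the registry, and registry entries whose first stated version is before 4.10.0. The function names, the sample manifests and the `EXAMPLE_TAG` placeholder are assumptions; the advisory text here does not name the erroneous tags.

```javascript
// Added example, not Parse Server project code.
const FIXED = [4, 10, 0]; // versions before 4.10.0 are listed as affected
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];
// Spec forms that npm fetches from a git host instead of the registry.
const GIT_SPEC = /^(git(\+[a-z]+)?:\/\/|git@|(github|gitlab|bitbucket):|[\w.-]+\/[\w.-]+(#.*)?$)/i;

// First x.y.z found in the spec; for a range this is treated as its lower bound.
function parseVersion(text) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(text);
  return m ? m.slice(1).map(Number) : null;
}

function isBefore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Returns one finding per risky parse-server declaration in a parsed package.json.
function auditParseServer(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    const spec = (pkg[section] || {})['parse-server'];
    if (typeof spec !== 'string') continue;
    if (GIT_SPEC.test(spec)) {
      // Text after '#' is a tag, branch or commit: code selected by a git ref.
      const ref = spec.includes('#') ? spec.slice(spec.indexOf('#') + 1) : null;
      findings.push({ section, spec, reason: 'git-ref', ref });
      continue;
    }
    const v = parseVersion(spec);
    if (v === null) {
      findings.push({ section, spec, reason: 'unparsed', ref: null }); // e.g. "latest"
    } else if (isBefore(v, FIXED)) {
      findings.push({ section, spec, reason: 'before-4.10.0', ref: null });
    }
  }
  return findings;
}

// Constructed manifests; EXAMPLE_TAG is a placeholder, not a tag named by the advisory.
const samples = {
  gitTag: { dependencies: { 'parse-server': 'github:parse-community/parse-server#EXAMPLE_TAG' } },
  oldPin: { dependencies: { 'parse-server': '4.5.0' } },
  fixed: { dependencies: { 'parse-server': '^4.10.0' } },
};
for (const [name, pkg] of Object.entries(samples)) {
  console.log(name, JSON.stringify(auditParseServer(pkg)));
}
```

A `git-ref` finding means the declaration bypasses registry releases, so the resolved commit in the lock file should be compared against the upstream repository's reviewed history.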
Affected Version(s)
parse-server 0 < 4.10.0
parse-server 4.10.0
