Supply Chain Incident in Parse Server by Parse Community
CVE-2021-47987

7.7HIGH

Key Information:

Vendor: Parse-community
Status: Parse-server
Vendor: CVE Published:; 25 June 2026

🔔 Create Parse-community Vulnerability Alert

What is CVE-2021-47987?

Parse Server, prior to version 4.10.0, experienced a supply chain incident that involved the unintended publication of incorrect version tags to its official repository. These tags pointed to a contributor's unreviewed personal fork, raising concerns over potential security issues. Although no malicious code was detected, the lack of review for the code associated with these tags could have allowed for the introduction of unaddressed vulnerabilities. Developers using git-based dependencies referencing these affected tags may have inadvertently exposed their projects to security risks.

Affected Version(s)

parse-server 0 < 4.10.0

parse-server 4.10.0

References

https://github.com/parse-community/parse-server/security/...

vendor-advisory

https://www.vulncheck.com/advisories/parse-server-arbitra...

third-party-advisory

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 21, 2026

CVE-2021-47987 Data

JSON