Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm parse-server Security Advisories
Loading...
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extensionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointerEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 3 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR
Phishing attack vulnerability by uploading malicious HTML fileEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 6 months ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe
Parse Server option `masterKeyIps` vulnerability to IP spoofingEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 10 months ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A
Parse Server is vulnerable to Prototype Pollution via Cloud Code WebhooksEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code TriggersEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP
parse-server crashes when receiving file download request with invalid byte rangeEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
Low
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumventedEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98
parse-server's session object properties can be updated by foreign user if object ID is knownEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I
Parse Server vulnerable to brute force guessing of user sensitive data via search patternsEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1jcnJxLXZyOWotZnh4aM4AAtHz
Protected fields exposed via LiveQueryEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS14dzZnLWpqdmYtd3dmOc4AAs4W
Invalid file request can crash serverEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1yaDlqLWY1ZjgtcnZnY84AArtc
Authentication bypass vulnerability in Apple Game Center auth adapterEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1xZjh4LXZxanYtOTJncs3fnA
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapterEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1wNmg0LTkzcXAtamhjbc0yJA
Command injection in Parse Server through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 2 years ago
GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw
LiveQuery publishes user session tokens in parse-serverEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 2 years ago
GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw
Incorrect version tags linked to external repositoryEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 2 years ago
GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig
Parse Server crashes with query parameterEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1
parse-server new anonymous user session acts as if it's created with passwordEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 2 years ago
Low
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz
Parse Server stores password in plain textEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq
receiving subscription objects with deleted sessionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz
GraphQL: Security breach on Viewer queryEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 3 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bWYtNzVoZi02N3c0
Information disclosure in parse-serverEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: almost 4 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1
Sensitive Data Exposure in parse-serverEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 4 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzktcXZ2Ny00N3Fx
Parse Server before v3.4.1 vulnerable to Denial of ServiceEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: over 4 years ago
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
27
electron
26
@openzeppelin/contracts-upgradeable
19
@openzeppelin/contracts
18
sequelize
17
marked
16
swagger-ui
14
tinymce
13
handlebars
13
next
13
strapi
13
vm2
12
directus
12
ghost
11
nodebb
11
ckeditor4
11
angular
10
jquery-rails
10
jquery
10
next-auth
9
org.webjars.npm:jquery
9
validator
9
serve
9
systeminformation
8
url-parse
8
node-forge
8
urijs
8
matrix-js-sdk
8
steal
8
joplin
8
@strapi/strapi
8
npm
8
jQuery.UI.Combined
8
jquery-ui
8
org.webjars.npm:jquery-ui
8
jquery-ui-rails
8
jQuery
8
undici
8
editor.md
8
shescape
7
tar
7
nocodb
7
total.js
7
keystone
7
snyk-broker
7
hapi
7
jsrsasign
7
hermes-engine
7
bootstrap
7
TinyMCE
7
tinymce/tinymce
7
lodash
7
matrix-react-sdk
7
matrix-appservice-irc
6
express-cart
6
parse-url
6
safe-eval
6
aaptjs
6
@strapi/plugin-users-permissions
5
sweetalert2
5
generator-jhipster
5
qs
5
ua-parser-js
5
rendertron
5
dojo
5
ecstatic
5
dns-sync
5
safer-eval
5
moment
5
public
5
@sequelize/core
5
jsonwebtoken
5
lodash-es
5
total4
5
openpgp
5
prismjs
5
sanitize-html
5
aws-iot-device-sdk-v2
4
awsiotsdk
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
engine.io
4
rsshub
4
simple-git
4
glance
4
axios
4
hummus
4
yarn
4
muhammara
4
apostrophe
4
valine
4
apollo-server-core
4
dompurify
4
protobufjs
4
highcharts
4
is-my-json-valid
4
auth0-js
4
vditor
4
@keystone-6/core
4
xmldom
4
materialize-css
4
sails
4
ejs
4
passport-wsfed-saml2
4
realms-shim
4
mermaid
4
fastify
4
@backstage/plugin-scaffolder-backend
4
ws
4
xlsx
4
remarkable
4
vega
4
auth0-lock
4
simple-markdown
4
mongoose
4
postcss
3
llhttp
3
tough-cookie
3
@strapi/utils
3
snyk
3
xdLocalStorage
3
jwt-simple
3
mixme
3
static-eval
3
jspdf
3
nadesiko3
3
docsify
3
openmct
3
ftp-srv
3
jointjs
3
@frangoteam/fuxa
3
aedes
3
@hapi/subtext
3
subtext
3
node-fetch
3
bin-links
3
node-red-dashboard
3
loader-utils
3
ses
3
apollo-server
3
harp
3
immer
3
fuxa-server
3
socket.io-parser
3
node-opcua
3
hekto
3
object-path
3
mysql
3
@uppy/companion
3
json-pointer
3
minimist
3
slpjs
3
froala-editor
3
blamer
3
convert-svg-core
3
yapi-vendor
3
node-ipc
3
code-server
3
grunt
3
mathjs
3
notevil
3
send
3
feathers-sequelize
3
keycloak-connect
3
json-ptr
3
convict
3
mongo-express
3
org.webjars.npm:xlsx
3
@soketi/soketi
3
locutus
3
@backstage/techdocs-common
3
jquery-validation
3
codecov
3
bson
3
socket.io-file
3
@ckeditor/ckeditor5-markdown-gfm
3
n8n
3
uap-core
3
@commercial/subtext
3
parsel
3
express-fileupload
3
http-live-simulator
3
lodash.defaultsdeep
3
buttle
3
@materializecss/materialize
3
serialize-to-js
3
m-server
3
uptime-kuma
3
@vrite/sdk
3
slp-validate
3
dojox
3
connect
3
ids-enterprise
3
localhost-now
3
js-yaml
3
mxgraph
3
uglify-js
3
simplehttpserver
3
https-proxy-agent
3
fast-xml-parser
3
node-jose
3
raneto
3
@apollo/server
3
request
2
cli
2
mixin-deep
2
is-svg
2
matrix-appservice-bridge
2
merge-deep
2
fastify-static
2
detect-character-encoding
2
dijit
2
crypto-js
2
Moment.js
2
pullit
2
hawk
2
bootstrap
2
jQuery.Validation
2
@fastify/passport
2
lazysizes
2
node-rules
2
macaddress
2
http-proxy-agent
2
decal
2
waterline-sequel
2
merge
2
@claviska/jquery-minicolors
2
whereis
2
sshpk
2
jszip
2
@node-red/runtime
2
canvas
2
nunjucks
2
highlight.js
2
sockjs
2
electron-markdownify
2
async-git
2
multi-ini
2
braces
2
@hapi/hoek
2
lodash.merge
2
isolated-vm
2
saml2-js
2
yeoman-genrator
2
json-serializer
2
ibm_db
2
node-saml
2
quill
2
defaults-deep
2
loopback
2
converse.js
2
set-in
2
jodit
2
minimatch
2
flatmap-stream
2
angular-expressions
2
google-closure-library
2
jose-node-cjs-runtime
2
jose-node-esm-runtime
2
jose-browser-runtime
2
jose
2
papaparse
2
fs-path
2
knockout
2
moment-timezone
2
@actions/core
2
vite
2
constantinople
2
list-n-stream
2
node-simple-router
2
renovate
2
@builder.io/qwik
2
tomato
2
serve-lite
2
shell-quote
2
sharp
2
bootstrap-table
2
jquery
2
@vendure/core
2
bootbox
2
payload
2
node-static
2
@adobe/css-tools
2
deep-get-set
2
deap
2
@strapi/plugin-content-manager
2
fast-string-search
2
crud-file-server
2
dot
2
serialize-javascript
2
giting
2
@finastra/nestjs-proxy
2
querymen
2
jsuites
2
jpeg-js
2
set-value
2
@xmldom/xmldom
2
semver-regex
2
mout
2
ungit
2
html-janitor
2