Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm parse-server Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 11 days ago
Critical
GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job name
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 4 months ago
High
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extension
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 9 months ago
High
GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 10 months ago
Critical
GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR
Phishing attack vulnerability by uploading malicious HTML file
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe
Parse Server option `masterKeyIps` vulnerability to IP spoofing
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollution
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP
parse-server crashes when receiving file download request with invalid byte range
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumvented
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98
parse-server's session object properties can be updated by foreign user if object ID is known
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jcnJxLXZyOWotZnh4aM4AAtHz
Protected fields exposed via LiveQuery
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS14dzZnLWpqdmYtd3dmOc4AAs4W
Invalid file request can crash server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yaDlqLWY1ZjgtcnZnY84AArtc
Authentication bypass vulnerability in Apple Game Center auth adapter
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xZjh4LXZxanYtOTJncs3fnA
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wNmg0LTkzcXAtamhjbc0yJA
Command injection in Parse Server through prototype pollution
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw
LiveQuery publishes user session tokens in parse-server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw
Incorrect version tags linked to external repository
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig
Parse Server crashes with query parameter
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1
parse-server new anonymous user session acts as if it's created with password
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz
Parse Server stores password in plain text
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq
receiving subscription objects with deleted session
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz
GraphQL: Security breach on Viewer query
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bWYtNzVoZi02N3c0
Information disclosure in parse-server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1
Sensitive Data Exposure in parse-server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzktcXZ2Ny00N3Fx
Parse Server before v3.4.1 vulnerable to Denial of Service
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 5 years ago
Statistics
Advisories: 19,479
Packages: 8,596
Repositories: 1
Ecosystems: 12
Filter by Package
parse-server 30 electron 26 @openzeppelin/contracts-upgradeable 21 directus 21 @openzeppelin/contracts 20 tinymce 16 next 16 sequelize 16 ghost 14 swagger-ui 14 joplin 13 undici 13 ckeditor4 13 strapi 13 vm2 12 angular 11 handlebars 11 TinyMCE 11 tinymce/tinymce 11 marked 11 nodebb 11 nocodb 10 serve 9 next-auth 9 @evershop/evershop 9 @strapi/strapi 8 npm 8 express-cart 8 validator 8 urijs 8 matrix-js-sdk 8 matrix-appservice-irc 8 node-forge 8 jsrsasign 8 bootstrap 8 systeminformation 8 url-parse 8 steal 8 editor.md 8 org.webjars.npm:jquery 8 jquery-rails 8 jquery 8 tar 8 hapi 7 lodash 7 jQuery 7 total.js 7 sanitize-html 7 snyk-broker 7 uptime-kuma 7 shescape 7 matrix-react-sdk 7 jquery-ui 7 hermes-engine 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 @strapi/plugin-users-permissions 6 parse-url 6 aaptjs 6 rsshub 6 safe-eval 6 ejs 5 total4 5 sweetalert2 5 prismjs 5 lodash-es 5 dojo 5 openpgp 5 ws 5 vite 5 yarn 5 keystone 5 rendertron 5 xlsx 5 ua-parser-js 5 vditor 5 public 5 mysql2 5 mongoose 5 simple-markdown 4 fastify 4 valine 4 ecstatic 4 meshcentral 4 moment 4 mermaid 4 jsonwebtoken 4 muhammara 4 hummus 4 axios 4 auth0-lock 4 realms-shim 4 generator-jhipster 4 auth0-js 4 @backstage/plugin-scaffolder-backend 4 apollo-server-core 4 remarkable 4 materialize-css 4 convert-svg-core 4 glance 4 engine.io 4 vega 4 dompurify 4 apostrophe 4 qs 4 mongo-express 4 @keystone-6/core 4 simple-git 4 awsiotsdk 4 safer-eval 4 aws-iot-device-sdk-v2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 follow-redirects 4 katex 4 uap-core 3 @apollo/server 3 lodash.defaultsdeep 3 socket.io-parser 3 froala-editor 3 http-live-simulator 3 @sequelize/core 3 feathers-sequelize 3 mixme 3 fuxa-server 3 postcss 3 jointjs 3 statics-server 3 node-opcua 3 braces 3 localhost-now 3 json-pointer 3 highcharts 3 @ckeditor/ckeditor5-markdown-gfm 3 jose-node-cjs-runtime 3 json-ptr 3 jose-node-esm-runtime 3 notevil 3 @strapi/plugin-content-manager 3 @backstage/techdocs-common 3 ses 3 sails 3 @janhq/core 3 bootstrap 3 @strapi/utils 3 slpjs 3 keycloak-connect 3 snyk 3 @materializecss/materialize 3 ids-enterprise 3 bson 3 xmldom 3 jspdf 3 loader-utils 3 stimulsoft-dashboards-js 3 browserify-shim 3 nodemailer 3 fast-xml-parser 3 socket.io-file 3 object-path 3 @lobehub/chat 3 simplehttpserver 3 docsify 3 js-yaml 3 tough-cookie 3 llhttp 3 org.webjars.npm:xlsx 3 jose 3 @commercial/subtext 3 connect 3 grunt 3 node-jose 3 @sveltejs/kit 3 wrangler 3 locutus 3 node-ipc 3 xdLocalStorage 3 m-server 3 typeorm 3 node-fetch 3 bin-links 3 serialize-to-js 3 code-server 3 @cubejs-backend/api-gateway 3 renovate 3 subtext 3 @hapi/subtext 3 raneto 3 @vrite/sdk 3 ftp-srv 3 dns-sync 3 @soketi/soketi 3 mysql 3 parsel 3 nadesiko3 3 @frangoteam/fuxa 3 express-fileupload 3 yapi-vendor 3 mathjs 3 mxgraph 3