Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm parse-server Security Advisories
Browse all Security Advisories for npm parse-server
Loading...
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 months ago
GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o
Parse Server's custom object ID allows to acquire role privilegesEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 5 months ago
GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass VulnerabilityEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 5 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 8 months ago
GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job nameEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 8 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 9 months ago
GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL InjectionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 9 months ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 1 year ago
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extensionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 1 year ago
GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointerEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 1 year ago
GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR
Phishing attack vulnerability by uploading malicious HTML fileEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe
Parse Server option `masterKeyIps` vulnerability to IP spoofingEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 years ago
GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A
Parse Server is vulnerable to Prototype Pollution via Cloud Code WebhooksEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 years ago
GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code TriggersEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 2 years ago
GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP
parse-server crashes when receiving file download request with invalid byte rangeEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 2 years ago
Low
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 years ago
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumventedEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98
parse-server's session object properties can be updated by foreign user if object ID is knownEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I
Parse Server vulnerable to brute force guessing of user sensitive data via search patternsEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 2 years ago
GSA_kwCzR0hTQS1jcnJxLXZyOWotZnh4aM4AAtHz
Protected fields exposed via LiveQueryEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
GSA_kwCzR0hTQS14dzZnLWpqdmYtd3dmOc4AAs4W
Invalid file request can crash serverEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 2 years ago
GSA_kwCzR0hTQS1yaDlqLWY1ZjgtcnZnY84AArtc
Authentication bypass vulnerability in Apple Game Center auth adapterEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
GSA_kwCzR0hTQS1xZjh4LXZxanYtOTJncs3fnA
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapterEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: over 2 years ago
GSA_kwCzR0hTQS1wNmg0LTkzcXAtamhjbc0yJA
Command injection in Parse Server through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: over 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 3 years ago
GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw
LiveQuery publishes user session tokens in parse-serverEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 3 years ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw
Incorrect version tags linked to external repositoryEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 3 years ago
GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig
Parse Server crashes with query parameterEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1
parse-server new anonymous user session acts as if it's created with passwordEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 3 years ago
Low
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz
Parse Server stores password in plain textEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: almost 4 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq
receiving subscription objects with deleted sessionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 4 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz
GraphQL: Security breach on Viewer queryEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 4 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bWYtNzVoZi02N3c0
Information disclosure in parse-serverEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 4 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1
Sensitive Data Exposure in parse-serverEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 5 years ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzktcXZ2Ny00N3Fx
Parse Server before v3.4.1 vulnerable to Denial of ServiceEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 5 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 1
Ecosystems: 12
Packages: 9,040
Repositories: 1
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
31
electron
26
directus
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
next
18
tinymce
16
sequelize
16
ghost
15
ckeditor4
15
joplin
14
swagger-ui
14
undici
13
angular
13
strapi
13
vm2
12
nodebb
12
marked
11
handlebars
11
bootstrap
11
matrix-js-sdk
11
tinymce/tinymce
11
TinyMCE
11
nocodb
10
flowise
10
@evershop/evershop
9
matrix-react-sdk
9
bootstrap
9
org.webjars:bootstrap
9
@strapi/strapi
9
next-auth
9
bootstrap
9
serve
9
twbs/bootstrap
9
systeminformation
8
express-cart
8
tar
8
urijs
8
matrix-appservice-irc
8
node-forge
8
npm
8
editor.md
8
url-parse
8
jsrsasign
8
validator
8
jquery
8
jquery-rails
8
org.webjars.npm:jquery
8
steal
8
dompurify
7
hermes-engine
7
sanitize-html
7
shescape
7
snyk-broker
7
lodash
7
jQuery
7
bootstrap-sass
7
bootstrap.sass
7
jQuery.UI.Combined
7
org.webjars.npm:jquery-ui
7
total.js
7
elliptic
7
jquery-ui-rails
7
jquery-ui
7
vite
7
uptime-kuma
7
hapi
7
bootstrap-sass
6
rsshub
6
parse-url
6
@strapi/plugin-users-permissions
6
safe-eval
6
aaptjs
6
mongoose
5
mattermost-desktop
5
prismjs
5
mysql2
5
openpgp
5
lunary
5
total4
5
ua-parser-js
5
public
5
rendertron
5
yarn
5
dojo
5
axios
5
vditor
5
xlsx
5
lodash-es
5
keystone
5
ejs
5
@saltcorn/server
5
sweetalert2
5
mermaid
5
ws
5
realms-shim
4
convert-svg-core
4
hono
4
auth0-js
4
fastify
4
simple-git
4
hummus
4
muhammara
4
@keystone-6/core
4
fast-xml-parser
4
engine.io
4
materialize-css
4
apollo-server-core
4
glance
4
mongo-express
4
simple-markdown
4
auth0-lock
4
vega
4
apostrophe
4
safer-eval
4
valine
4
remarkable
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
aws-iot-device-sdk-v2
4
generator-jhipster
4
awsiotsdk
4
jsonwebtoken
4
meshcentral
4
qs
4
ecstatic
4
@lobehub/chat
4
katex
4
@backstage/plugin-scaffolder-backend
4
express
4
follow-redirects
4
moment
4
django-tinymce
3
notevil
3
jquery-validation
3
@commercial/subtext
3
locutus
3
node-red-dashboard
3
@uppy/companion
3
xmldom
3
feathers-sequelize
3
object-path
3
layui
3
postcss
3
xdLocalStorage
3
jose-node-esm-runtime
3
jose-node-cjs-runtime
3
ftp-srv
3
@frangoteam/fuxa
3
org.webjars.npm:xlsx
3
connect
3
froala-editor
3
braces
3
node-opcua
3
statics-server
3
dns-sync
3
stimulsoft-dashboards-js
3
codecov
3
mysql
3
js-yaml
3
yapi-vendor
3
fuxa-server
3
mixme
3
mxgraph
3
express-fileupload
3
@cubejs-backend/api-gateway
3
slpjs
3
renovate
3
nodemailer
3
raneto
3
@backstage/techdocs-common
3
snyk
3
ids-enterprise
3
@ckeditor/ckeditor5-markdown-gfm
3
@jmondi/url-to-png
3
uap-core
3
agnai
3
ag-grid-community
3
blamer
3
openmct
3
@vrite/sdk
3
immer
3
socket.io-parser
3
@strapi/utils
3
@materializecss/materialize
3
jspdf
3
bson
3
@janhq/core
3
docsify
3
simplehttpserver
3
buttle
3
jose
3
apollo-server
3
wrangler
3
n8n
3
@soketi/soketi
3
socket.io-file
3
json-ptr
3
llhttp
3
node-fetch
3
bin-links
3
Filter by Repository