Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Security Advisories for parse-server for https://github.com/parse-community/parse-server in npm Clear Filters

Moderate
about 1 month ago

Parse Server exposes the data schema via GraphQL API GSA_kwCzR0hTQS00OHEzLXByZ3YtZ200d84ABKBL

npm parse-server
Moderate
5 months ago

Parse Server has an OAuth login vulnerability GSA_kwCzR0hTQS04MzdxLWpod3gtY21wds4ABFxW

npm parse-server
High
11 months ago

Parse Server's custom object ID allows to acquire role privileges GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o

npm parse-server
Critical
about 1 year ago

ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co

npm parse-server
Critical
over 1 year ago

Server crashes on invalid Cloud Function or Cloud Job name GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD

npm parse-server
Critical
over 1 year ago

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK

npm parse-server
High
almost 2 years ago

Parse Server may crash when uploading file without extension GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK

npm parse-server
High
almost 2 years ago

Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK

npm parse-server
Critical
about 2 years ago

Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN

npm parse-server
Moderate
about 2 years ago

Phishing attack vulnerability by uploading malicious HTML file GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR

npm parse-server
High
over 2 years ago

Parse Server option `masterKeyIps` vulnerability to IP spoofing GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe

npm parse-server
High
almost 3 years ago

Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A

npm parse-server
High
almost 3 years ago

Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw

npm parse-server
Critical
almost 3 years ago

Remote code execution via MongoDB BSON parser through prototype pollution GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh

npm parse-server
High
almost 3 years ago

parse-server crashes when receiving file download request with invalid byte range GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP

npm parse-server
Low
almost 3 years ago

parse-server auth adapter app ID validation can be circumvented GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-

npm parse-server
Moderate
almost 3 years ago

parse-server's session object properties can be updated by foreign user if object ID is known GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98

npm parse-server
High
almost 3 years ago

Parse Server vulnerable to brute force guessing of user sensitive data via search patterns GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I

npm parse-server
High
about 3 years ago

Protected fields exposed via LiveQuery GSA_kwCzR0hTQS1jcnJxLXZyOWotZnh4aM4AAtHz

npm parse-server
High
about 3 years ago

Invalid file request can crash server GSA_kwCzR0hTQS14dzZnLWpqdmYtd3dmOc4AAs4W

npm parse-server
High
about 3 years ago

Authentication bypass vulnerability in Apple Game Center auth adapter GSA_kwCzR0hTQS1yaDlqLWY1ZjgtcnZnY84AArtc

npm parse-server
High
over 3 years ago

Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter GSA_kwCzR0hTQS1xZjh4LXZxanYtOTJncs3fnA

npm parse-server
Critical
over 3 years ago

Command injection in Parse Server through prototype pollution GSA_kwCzR0hTQS1wNmg0LTkzcXAtamhjbc0yJA

npm parse-server
High
almost 4 years ago

LiveQuery publishes user session tokens in parse-server GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw

npm parse-server
Critical
almost 4 years ago

Incorrect version tags linked to external repository GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw

npm parse-server
High
almost 4 years ago

Parse Server crashes with query parameter GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig

npm parse-server
Moderate
almost 4 years ago

parse-server new anonymous user session acts as if it's created with password MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1

npm parse-server
Low
over 4 years ago

Parse Server stores password in plain text MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz

npm parse-server
Moderate
almost 5 years ago

receiving subscription objects with deleted session MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq

npm parse-server
Moderate
about 5 years ago

GraphQL: Security breach on Viewer query MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz

npm parse-server
High
over 5 years ago

Information disclosure in parse-server MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bWYtNzVoZi02N3c0

npm parse-server
Moderate
about 6 years ago

Sensitive Data Exposure in parse-server MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1

npm parse-server
High
about 6 years ago

Parse Server before v3.4.1 vulnerable to Denial of Service MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzktcXZ2Ny00N3Fx

npm parse-server

Filter by Severity

Moderate 10,204 High 8,098 Critical 3,334 Low 1,468

Filter by Ecosystem

maven 6,768 packagist 5,381 pypi 4,875 npm 4,236 go 2,872 nuget 1,702 cargo 1,075 rubygems 928 hex 37 swift 36 actions 34 pub 10

Filter by Package

directus 39 parse-server 33 electron 28 next 26 @openzeppelin/contracts-upgradeable 22 @openzeppelin/contracts 21 flowise 17 tinymce 16 sequelize 16 ckeditor4 15 ghost 15 undici 15 swagger-ui 14 angular 14 joplin 14 vite 13 nodebb 13 strapi 13 vm2 12 marked 12 nocodb 11 handlebars 11 TinyMCE 11 bootstrap 11 matrix-js-sdk 11 tinymce/tinymce 11 twbs/bootstrap 9 uptime-kuma 9 @evershop/evershop 9 bootstrap 9 matrix-appservice-irc 9 systeminformation 9 org.webjars:bootstrap 9 serve 9 bootstrap 9 n8n 9 next-auth 9 matrix-react-sdk 9 @strapi/strapi 9 steal 8 tar 8 shescape 8 node-forge 8 editor.md 8 validator 8 npm 8 jquery-rails 8 dompurify 8 @haxtheweb/haxcms-nodejs 8 org.webjars.npm:jquery 8 express-cart 8 url-parse 8 @directus/api 8 urijs 8 jquery 8 elliptic 8 jsrsasign 8 total.js 7 lodash 7 jQuery.UI.Combined 7 vega 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 bootstrap-sass 7 sanitize-html 7 lodash-rails 7 jquery-ui 7 mermaid 7 jQuery 7 mongoose 7 hermes-engine 7 bootstrap.sass 7 bootstrap-sass 7 snyk-broker 7 hapi 7 @strapi/plugin-users-permissions 6 openpgp 6 mattermost-desktop 6 aaptjs 6 tarteaucitronjs 6 parse-url 6 prismjs 6 @sveltejs/kit 6 safe-eval 6 axios 6 rsshub 6 @backstage/plugin-scaffolder-backend 5 dojo 5 froala-editor 5 @keystone-6/core 5 @lobehub/chat 5 yarn 5 passport-wsfed-saml2 5 fastify 5 vditor 5 mysql2 5 public 5 keystone 5 better-auth 5 express 5 @saltcorn/server 5 ua-parser-js 5 katex 5 trix 5 astro 5 total4 5 rendertron 5 ws 5 sweetalert2 5 aws-cdk-lib 5 ejs 5 lodash-es 5 xlsx 5 xml-crypto 4 vue-i18n 4 remarkable 4 jsonwebtoken 4 awsiotsdk 4 @apollo/gateway 4 @node-saml/node-saml 4 code-server 4 nuxt 4 muhammara 4 ecstatic 4 pnpm 4 @anthropic-ai/claude-code 4 @auth0/nextjs-auth0 4 safer-eval 4 apostrophe 4 generator-jhipster 4 qs 4 simple-git 4 aws-iot-device-sdk-v2 4 petite-vue-i18n 4 mongo-express 4 valine 4 realms-shim 4 ses 4 auth0-lock 4 simple-markdown 4 vega-functions 4 @finos/git-proxy 4 hummus 4 yui 4 glance 4 auth0-js 4 materialize-css 4 jquery-validation 4 follow-redirects 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 erxes 4 engine.io 4 fast-xml-parser 4 mongosh 4 convert-svg-core 4 jspdf 4 multer 4 @intlify/vue-i18n-core 4 apollo-server-core 4 hono 4 moment 4 meshcentral 4 snyk 4 agnai 3 dns-sync 3 @intlify/core-base 3 slpjs 3 jose 3 blamer 3 dset 3 xdLocalStorage 3 passport-saml 3 yapi-vendor 3 mxgraph 3 sails 3 docsify 3 connect 3 llhttp 3 m-server 3 open-webui 3 ftp-srv 3 highcharts 3 socket.io-file 3 org.webjars.npm:xlsx 3 postcss 3 @soketi/soketi 3 uap-core 3 @intlify/core 3 django-tinymce 3 @strapi/utils 3 localhost-now 3 wrangler 3 libxmljs 3 json-pointer 3 serialize-javascript 3 @cubejs-backend/api-gateway 3 jointjs 3 @janhq/core 3 slp-validate 3 webpack-dev-server 3

Filter by Repository

https://github.com/parse-community/parse-server 33