Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

parse-server

npm

An express module providing a Parse-compatible API server

View on github.com · View on npmjs.org

Security Advisories for parse-server in npm

Critical
about 2 hours ago

Parse Server: SQL injection via dot-notation field name in PostgreSQL GSA_kwCzR0hTQS1xcHI0LWpyajQtNmYyN84ABTX0

npm parse-server
High
about 19 hours ago

Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution GSA_kwCzR0hTQS01ajg2LTdyN20tcDhoNs4ABTXH

npm parse-server
Moderate
about 19 hours ago

Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object placement GSA_kwCzR0hTQS1xMzQyLTl3MnAtNTdmcM4ABTXG

npm parse-server
High
about 19 hours ago

Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery GSA_kwCzR0hTQS1tZjNqLTg2cXgtY3E1as4ABTXF

npm parse-server
Critical
1 day ago

Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters GSA_kwCzR0hTQS14NmZ3LTc3OG0td3I5ds4ABTWT

npm parse-server
Moderate
1 day ago

Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled GSA_kwCzR0hTQS1xNXE5LTJyaHAtMzNxd84ABTWS

npm parse-server
Moderate
1 day ago

Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization GSA_kwCzR0hTQS1od3g4LXE5Y2ctbXFtY84ABTWR

npm parse-server
Moderate
1 day ago

Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory GSA_kwCzR0hTQS1obTNmLXE2cnctbTZ3aM4ABTWQ

npm parse-server
Moderate
4 days ago

parse-server: Malformed `$regex` query leaks database error details in API response GSA_kwCzR0hTQS05Y3A3LTNxNXctajkyZ84ABTSP

npm parse-server
High
4 days ago

parse-server's endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user GSA_kwCzR0hTQS03OXdqLThycXYtanZwNc4ABTSA

npm parse-server
Moderate
4 days ago

parse-server's file creation and deletion bypasses `readOnlyMasterKey` write restriction GSA_kwCzR0hTQS14Zmg3LXBocjctZ3IyeM4ABTR_

npm parse-server
High
6 days ago

Parse Server's Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction GSA_kwCzR0hTQS12Yzg5LTVnM3ItY21oaM4ABTJd

npm parse-server
Critical
13 days ago

Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter GSA_kwCzR0hTQS00cTNoLXZwNHItcHJ2Ms4ABS2R

npm parse-server
High
3 months ago

Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter GSA_kwCzR0hTQS0zZjVmLXhncmotOTdwZs4ABP1h

npm parse-server
Moderate
3 months ago

Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables GSA_kwCzR0hTQS1qaGdmLTJoOGgtZ2d4ds4ABP1Q

npm parse-server
Moderate
4 months ago

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details GSA_kwCzR0hTQS03Y3g1LTI1NHgtY2dycc4ABOfh

npm parse-server
High
4 months ago

Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format GSA_kwCzR0hTQS14NHFqLTJmNHEtcjRyeM4ABOO_

npm parse-server
Moderate
8 months ago

Parse Server exposes the data schema via GraphQL API GSA_kwCzR0hTQS00OHEzLXByZ3YtZ200d84ABKBL

npm parse-server
Moderate
12 months ago

Parse Server has an OAuth login vulnerability GSA_kwCzR0hTQS04MzdxLWpod3gtY21wds4ABFxW

npm parse-server
High
over 1 year ago

Parse Server's custom object ID allows to acquire role privileges GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o

npm parse-server
Critical
over 1 year ago

ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co

npm parse-server
Critical
almost 2 years ago

Server crashes on invalid Cloud Function or Cloud Job name GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD

npm parse-server
Critical
about 2 years ago

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK

npm parse-server
High
over 2 years ago

Parse Server may crash when uploading file without extension GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK

npm parse-server
High
over 2 years ago

Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK

npm parse-server
Critical
over 2 years ago

Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN

npm parse-server
Moderate
almost 3 years ago

Phishing attack vulnerability by uploading malicious HTML file GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR

npm parse-server
High
about 3 years ago

Parse Server option `masterKeyIps` vulnerability to IP spoofing GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe

npm parse-server
High
over 3 years ago

Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A

npm parse-server
High
over 3 years ago

Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw

npm parse-server
Critical
over 3 years ago

Remote code execution via MongoDB BSON parser through prototype pollution GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh

npm parse-server
High
over 3 years ago

parse-server crashes when receiving file download request with invalid byte range GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP

npm parse-server
Low
over 3 years ago

parse-server auth adapter app ID validation can be circumvented GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-

npm parse-server
Moderate
over 3 years ago

parse-server's session object properties can be updated by foreign user if object ID is known GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98

npm parse-server
High
over 3 years ago

Parse Server vulnerable to brute force guessing of user sensitive data via search patterns GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I

npm parse-server
High
over 3 years ago

Protected fields exposed via LiveQuery GSA_kwCzR0hTQS1jcnJxLXZyOWotZnh4aM4AAtHz

npm parse-server
High
over 3 years ago

Invalid file request can crash server GSA_kwCzR0hTQS14dzZnLWpqdmYtd3dmOc4AAs4W

npm parse-server
High
over 3 years ago

Authentication bypass vulnerability in Apple Game Center auth adapter GSA_kwCzR0hTQS1yaDlqLWY1ZjgtcnZnY84AArtc

npm parse-server
High
almost 4 years ago

Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter GSA_kwCzR0hTQS1xZjh4LXZxanYtOTJncs3fnA

npm parse-server
Critical
almost 4 years ago

Command injection in Parse Server through prototype pollution GSA_kwCzR0hTQS1wNmg0LTkzcXAtamhjbc0yJA

npm parse-server
High
over 4 years ago

LiveQuery publishes user session tokens in parse-server GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw

npm parse-server
Critical
over 4 years ago

Incorrect version tags linked to external repository GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw

npm parse-server
High
over 4 years ago

Parse Server crashes with query parameter GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig

npm parse-server
Moderate
over 4 years ago

parse-server new anonymous user session acts as if it's created with password MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1

npm parse-server
Low
about 5 years ago

Parse Server stores password in plain text MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz

npm parse-server
Moderate
over 5 years ago

receiving subscription objects with deleted session MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq

npm parse-server
Moderate
over 5 years ago

GraphQL: Security breach on Viewer query MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz

npm parse-server
High
about 6 years ago

Information disclosure in parse-server MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bWYtNzVoZi02N3c0

npm parse-server
Moderate
over 6 years ago

Sensitive Data Exposure in parse-server MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1

npm parse-server
High
over 6 years ago

Parse Server before v3.4.1 vulnerable to Denial of Service MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzktcXZ2Ny00N3Fx

npm parse-server

Filter by Severity

High 22 Moderate 16 Critical 10 Low 2