Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

parse-server

npm · An express module providing a Parse-compatible API server · Repository · Package

Security Advisories for parse-server in npm

Moderate
3 months ago

Parse Server exposes the data schema via GraphQL API GSA_kwCzR0hTQS00OHEzLXByZ3YtZ200d84ABKBL

npm parse-server
Moderate
7 months ago

Parse Server has an OAuth login vulnerability GSA_kwCzR0hTQS04MzdxLWpod3gtY21wds4ABFxW

npm parse-server
High
12 months ago

Parse Server's custom object ID allows to acquire role privileges GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o

npm parse-server
Critical
over 1 year ago

ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co

npm parse-server
Critical
over 1 year ago

Server crashes on invalid Cloud Function or Cloud Job name GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD

npm parse-server
Critical
over 1 year ago

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK

npm parse-server
High
almost 2 years ago

Parse Server may crash when uploading file without extension GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK

npm parse-server
High
about 2 years ago

Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK

npm parse-server
Critical
over 2 years ago

Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN

npm parse-server
Moderate
over 2 years ago

Phishing attack vulnerability by uploading malicious HTML file GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR

npm parse-server
High
over 2 years ago

Parse Server option `masterKeyIps` vulnerability to IP spoofing GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe

npm parse-server
High
almost 3 years ago

Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A

npm parse-server
High
almost 3 years ago

Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw

npm parse-server
Critical
almost 3 years ago

Remote code execution via MongoDB BSON parser through prototype pollution GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh

npm parse-server
High
almost 3 years ago

parse-server crashes when receiving file download request with invalid byte range GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP

npm parse-server
Low
about 3 years ago

parse-server auth adapter app ID validation can be circumvented GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-

npm parse-server
Moderate
about 3 years ago

parse-server's session object properties can be updated by foreign user if object ID is known GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98

npm parse-server
High
about 3 years ago

Parse Server vulnerable to brute force guessing of user sensitive data via search patterns GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I

npm parse-server
High
about 3 years ago

Protected fields exposed via LiveQuery GSA_kwCzR0hTQS1jcnJxLXZyOWotZnh4aM4AAtHz

npm parse-server
High
over 3 years ago

Invalid file request can crash server GSA_kwCzR0hTQS14dzZnLWpqdmYtd3dmOc4AAs4W

npm parse-server
High
over 3 years ago

Authentication bypass vulnerability in Apple Game Center auth adapter GSA_kwCzR0hTQS1yaDlqLWY1ZjgtcnZnY84AArtc

npm parse-server
High
over 3 years ago

Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter GSA_kwCzR0hTQS1xZjh4LXZxanYtOTJncs3fnA

npm parse-server
Critical
over 3 years ago

Command injection in Parse Server through prototype pollution GSA_kwCzR0hTQS1wNmg0LTkzcXAtamhjbc0yJA

npm parse-server
High
about 4 years ago

LiveQuery publishes user session tokens in parse-server GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw

npm parse-server
Critical
about 4 years ago

Incorrect version tags linked to external repository GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw

npm parse-server
High
about 4 years ago

Parse Server crashes with query parameter GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig

npm parse-server
Moderate
about 4 years ago

parse-server new anonymous user session acts as if it's created with password MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1

npm parse-server
Low
almost 5 years ago

Parse Server stores password in plain text MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz

npm parse-server
Moderate
almost 5 years ago

receiving subscription objects with deleted session MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq

npm parse-server
Moderate
about 5 years ago

GraphQL: Security breach on Viewer query MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz

npm parse-server
High
over 5 years ago

Information disclosure in parse-server MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bWYtNzVoZi02N3c0

npm parse-server
Moderate
about 6 years ago

Sensitive Data Exposure in parse-server MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1

npm parse-server
High
over 6 years ago

Parse Server before v3.4.1 vulnerable to Denial of Service MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzktcXZ2Ny00N3Fx

npm parse-server

Filter by Severity

High 16 Moderate 8 Critical 7 Low 2