| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-46119 | Parse Server may crash when uploading file without extension | parse-community | parse-server | High | 7.5 | 2023-10-25 00:03:56 | Deep Dive |
| CVE-2023-41058 | Trigger `beforeFind` not invoked in internal query pipeline in parse-server | parse-community | parse-server | High | 7.5 | 2023-09-04 22:39:55 | Deep Dive |
| CVE-2023-36475 | Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution | parse-community | parse-server | Critical | 9.8 | 2023-06-28 22:32:10 | Deep Dive |
| CVE-2023-32689 | Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file | parse-community | parse-server | Medium | 6.3 | 2023-05-30 17:27:18 | Deep Dive |
| CVE-2023-32688 | Invalid push request payload crashes Parse Server | parse-community | parse-server-push-adapter | Medium | 4.9 | 2023-05-27 03:21:27 | Deep Dive |
| CVE-2023-22474 | Parse Server is vulnerable to authentication bypass via spoofing | parse-community | parse-server | High | 8.7 | 2023-02-03 19:57:09 | Deep Dive |
| CVE-2022-39396 | Parse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser | parse-community | parse-server | Critical | 9.8 | 2022-11-10 00:00:00 | Deep Dive |
| CVE-2022-41878 | Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers | parse-community | parse-server | High | 7.2 | 2022-11-10 00:00:00 | Deep Dive |
| CVE-2022-41879 | Parse Server subject to Prototype pollution via Cloud Code Webhooks | parse-community | parse-server | High | 7.2 | 2022-11-10 00:00:00 | Deep Dive |
| CVE-2022-39313 | Parse Server crashes when receiving file download request with invalid byte range | parse-community | parse-server | High | 7.5 | 2022-10-24 00:00:00 | Deep Dive |
| CVE-2022-39231 | Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented | parse-community | parse-server | Low | 3.7 | 2022-09-23 07:40:08 | Deep Dive |
| CVE-2022-39225 | Parse Server subject to Incorrect Resource Transfer Between Spheres | parse-community | parse-server | Medium | 4.3 | 2022-09-23 06:40:07 | Deep Dive |
| CVE-2022-36079 | Parse Server vulnerable to brute force guessing of user sensitive data via search patterns | parse-community | parse-server | High | 8.6 | 2022-09-07 20:40:13 | Deep Dive |
| CVE-2022-31112 | Protected fields exposed via LiveQuery in parse-server | parse-community | parse-server | High | 8.2 | 2022-06-30 16:40:13 | Deep Dive |
| CVE-2022-31089 | Invalid file request can crashe parse-server | parse-community | parse-server | High | 7.5 | 2022-06-27 21:10:11 | Deep Dive |
| CVE-2022-31083 | Authentication bypass in Parse Server Apple Game Center auth adapter | parse-community | parse-server | High | 8.6 | 2022-06-17 18:15:17 | Deep Dive |
| CVE-2022-24901 | Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter | parse-community | parse-server | High | 7.5 | 2022-05-04 01:10:08 | Deep Dive |
| CVE-2022-24760 | Command Injection in Parse server | parse-community | parse-server | Critical | 10.0 | 2022-03-11 23:55:10 | Deep Dive |
| CVE-2021-41109 | LiveQuery publishes user session tokens | parse-community | parse-server | High | 7.5 | 2021-09-30 15:10:14 | Deep Dive |
| CVE-2021-39187 | Crash server with query parameter | parse-community | parse-server | High | 7.5 | 2021-09-02 15:35:11 | Deep Dive |