| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-30168 | Parse Server has an OAuth login vulnerability | parse-community | parse-server | Medium | 6.9 | 2025-03-21 14:54:22 | Deep Dive |
| CVE-2025-25283 | parse-duration vulnerable to Regex Denial of Service that results in event loop delay and out of memory | jkroso | parse-duration | High | 7.5 | 2025-02-12 18:21:49 | Deep Dive |
| CVE-2024-47183 | Parse Server's custom object ID allows to acquire role privileges | parse-community | parse-server | High | 8.1 | 2024-10-04 15:06:45 | Deep Dive |
| CVE-2024-39309 | ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability | parse-community | parse-server | Critical | 9.8 | 2024-07-01 21:15:26 | Deep Dive |
| CVE-2024-29027 | Parse Server crash and RCE via invalid Cloud Function or Cloud Job name | parse-community | parse-server | Critical | 9.0 | 2024-03-19 18:57:25 | Deep Dive |
| CVE-2024-27298 | Parse Server literalizeRegexPart SQL Injection | parse-community | parse-server | Critical | 10.0 | 2024-03-01 17:48:53 | Deep Dive |
| CVE-2023-46119 | Parse Server may crash when uploading file without extension | parse-community | parse-server | High | 7.5 | 2023-10-25 00:03:56 | Deep Dive |
| CVE-2023-41058 | Trigger `beforeFind` not invoked in internal query pipeline in parse-server | parse-community | parse-server | High | 7.5 | 2023-09-04 22:39:55 | Deep Dive |
| CVE-2023-36475 | Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution | parse-community | parse-server | Critical | 9.8 | 2023-06-28 22:32:10 | Deep Dive |
| CVE-2023-32689 | Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file | parse-community | parse-server | Medium | 6.3 | 2023-05-30 17:27:18 | Deep Dive |
| CVE-2023-32688 | Invalid push request payload crashes Parse Server | parse-community | parse-server-push-adapter | Medium | 4.9 | 2023-05-27 03:21:27 | Deep Dive |
| CVE-2023-22474 | Parse Server is vulnerable to authentication bypass via spoofing | parse-community | parse-server | High | 8.7 | 2023-02-03 19:57:09 | Deep Dive |
| CVE-2022-39396 | Parse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser | parse-community | parse-server | Critical | 9.8 | 2022-11-10 00:00:00 | Deep Dive |
| CVE-2022-41878 | Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers | parse-community | parse-server | High | 7.2 | 2022-11-10 00:00:00 | Deep Dive |
| CVE-2022-41879 | Parse Server subject to Prototype pollution via Cloud Code Webhooks | parse-community | parse-server | High | 7.2 | 2022-11-10 00:00:00 | Deep Dive |
| CVE-2022-42743 | deep-parse-json 1.0.2 - Prototype Pollution | - | deep-parse-json | Medium | - | 2022-11-03 00:00:00 | Deep Dive |
| CVE-2022-39313 | Parse Server crashes when receiving file download request with invalid byte range | parse-community | parse-server | High | 7.5 | 2022-10-24 00:00:00 | Deep Dive |
| CVE-2022-39231 | Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented | parse-community | parse-server | Low | 3.7 | 2022-09-23 07:40:08 | Deep Dive |
| CVE-2022-39225 | Parse Server subject to Incorrect Resource Transfer Between Spheres | parse-community | parse-server | Medium | 4.3 | 2022-09-23 06:40:07 | Deep Dive |
| CVE-2022-3224 | Misinterpretation of Input in ionicabizau/parse-url | ionicabizau | ionicabizau/parse-url | Medium | - | 2022-09-15 11:30:12 | Deep Dive |