| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-2900 | Server-Side Request Forgery (SSRF) in ionicabizau/parse-url | ionicabizau | ionicabizau/parse-url | 超危 | - | 2022-09-14 08:30:13 | Deep Dive |
| CVE-2022-36079 | Parse Server vulnerable to brute force guessing of user sensitive data via search patterns | parse-community | parse-server | High | 8.6 | 2022-09-07 20:40:13 | Deep Dive |
| CVE-2022-31112 | Protected fields exposed via LiveQuery in parse-server | parse-community | parse-server | High | 8.2 | 2022-06-30 16:40:13 | Deep Dive |
| CVE-2022-0624 | Authorization Bypass Through User-Controlled Key in ionicabizau/parse-path | ionicabizau | ionicabizau/parse-path | 高危 | - | 2022-06-28 09:10:10 | Deep Dive |
| CVE-2022-31089 | Invalid file request can crashe parse-server | parse-community | parse-server | High | 7.5 | 2022-06-27 21:10:11 | Deep Dive |
| CVE-2022-2216 | Server-Side Request Forgery (SSRF) in ionicabizau/parse-url | ionicabizau | ionicabizau/parse-url | 超危 | - | 2022-06-27 12:10:18 | Deep Dive |
| CVE-2022-2218 | Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url | ionicabizau | ionicabizau/parse-url | 中危 | - | 2022-06-27 12:10:09 | Deep Dive |
| CVE-2022-0722 | Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url | ionicabizau | ionicabizau/parse-url | 高危 | - | 2022-06-27 10:50:10 | Deep Dive |
| CVE-2022-2217 | Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url | ionicabizau | ionicabizau/parse-url | 中危 | - | 2022-06-27 10:15:24 | Deep Dive |
| CVE-2022-31083 | Authentication bypass in Parse Server Apple Game Center auth adapter | parse-community | parse-server | High | 8.6 | 2022-06-17 18:15:17 | Deep Dive |
| CVE-2022-24901 | Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter | parse-community | parse-server | High | 7.5 | 2022-05-04 01:10:08 | Deep Dive |
| CVE-2022-24760 | Command Injection in Parse server | parse-community | parse-server | Critical | 10.0 | 2022-03-11 23:55:10 | Deep Dive |
| CVE-2022-0691 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse | unshiftio | unshiftio/url-parse | 超危 | - | 2022-02-21 00:00:00 | Deep Dive |
| CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse | unshiftio | unshiftio/url-parse | 超危 | - | 2022-02-20 00:00:00 | Deep Dive |
| CVE-2022-0639 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse | unshiftio | unshiftio/url-parse | 中危 | - | 2022-02-17 00:00:00 | Deep Dive |
| CVE-2022-0512 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse | unshiftio | unshiftio/url-parse | 中危 | - | 2022-02-14 00:00:00 | Deep Dive |
| CVE-2021-23490 | Regular Expression Denial of Service (ReDoS) | - | parse-link-header | High | 7.5 | 2021-12-24 20:05:16 | Deep Dive |
| CVE-2021-41109 | LiveQuery publishes user session tokens | parse-community | parse-server | High | 7.5 | 2021-09-30 15:10:14 | Deep Dive |
| CVE-2021-39187 | Crash server with query parameter | parse-community | parse-server | High | 7.5 | 2021-09-02 15:35:11 | Deep Dive |
| CVE-2021-39138 | New anonymous user session acts as if it's created with password | parse-community | parse-server | Medium | 4.8 | 2021-08-18 21:40:11 | Deep Dive |