parse-server — Vulnerabilities & Security Advisories 106

All 106 CVE vulnerabilities found in parse-server, with AI-generated Chinese analysis, references, and POCs.

Vendor: Parse

CVE ID	Title	CVSS	Severity	Published
CVE-2022-39225	Parse Server subject to Incorrect Resource Transfer Between Spheres CWE-669	4.3	Medium	2022-09-23
CVE-2022-36079	Parse Server vulnerable to brute force guessing of user sensitive data via search patterns CWE-200	8.6	High	2022-09-07
CVE-2022-31112	Protected fields exposed via LiveQuery in parse-server CWE-200	8.2	High	2022-06-30
CVE-2022-31089	Invalid file request can crashe parse-server CWE-706	7.5	High	2022-06-27
CVE-2022-31083	Authentication bypass in Parse Server Apple Game Center auth adapter CWE-287	8.6	High	2022-06-17
CVE-2022-24901	Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter CWE-295	7.5	High	2022-05-04
CVE-2022-24760	Command Injection in Parse server CWE-74	10.0	Critical	2022-03-11
CVE-2021-41109	LiveQuery publishes user session tokens CWE-200	7.5	High	2021-09-30
CVE-2021-39187	Crash server with query parameter CWE-74	7.5	High	2021-09-02
CVE-2021-39138	New anonymous user session acts as if it's created with password CWE-287	4.8	Medium	2021-08-18
CVE-2020-26288	Parse Server stores password in plain text CWE-312	7.7	High	2020-12-30
CVE-2020-15270	Improper session expiration in Parse Server CWE-672	4.3	Medium	2020-10-22
CVE-2020-15126	Information disclosure through Viewer query in parse-server CWE-863	6.5	Medium	2020-07-22
CVE-2020-5251	Information disclosure in parse-server CWE-285	7.7	High	2020-03-04
CVE-2019-1020013	parse-server 授权问题漏洞	5.3	-	2019-07-29
CVE-2019-1020012	parse-server 环境问题漏洞	7.5	-	2019-07-29

All 106 known CVE vulnerabilities affecting parse-server with full Chinese analysis, references, and POCs where available.