parse-community — Vulnerabilities & Security Advisories 110

Browse all 110 CVE security advisories affecting parse-community. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-39381 | Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields` | parse-server | CWE-863 | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39321 | Parse Server has a login timing side-channel reveals user existence | parse-server | CWE-208 | 4.8 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35200 | Parse Server has a file upload Content-Type override via extension mismatch | parse-server | CWE-436 | 8.2 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-34784 | Parse Server: Streaming file download bypasses afterFind file trigger authorization | parse-server | CWE-285 | 7.5 | - | 2026-03-31 |
| CVE-2026-34215 | Parse Server: Auth data exposed via verify password endpoint | parse-server | CWE-200 | 6.5 | - | 2026-03-31 |
| CVE-2026-34595 | Parse Server: LiveQuery protected-field guard bypass via array-like logical operator value | parse-server | CWE-843 | 8.8 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34574 | Parse Server: Session field immutability bypass via falsy-value guard | parse-server | CWE-697 | 7.1 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34573 | Parse Server: GraphQL complexity validator exponential fragment traversal DoS | parse-server | CWE-407 | 7.5 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34532 | Parse Server: Cloud function validator bypass via prototype chain traversal | parse-server | CWE-863 | 9.1 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-34373 | Parse Server: GraphQL API endpoint ignores CORS origin restriction | parse-server | CWE-346 | 8.2 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34363 | Parse Server: LiveQuery protected field leak via shared mutable state across concurrent subscribers | parse-server | CWE-362 | 7.5 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34224 | Parse Server: MFA single-use token bypass via concurrent authData login requests | parse-server | CWE-367 | 8.2 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-33627 | Parse Server: Auth data exposed via /users/me endpoint | parse-server | CWE-200 | 8.1 | - | 2026-03-24 |
| CVE-2026-33624 | Parse Server: MFA recovery code single-use bypass via concurrent requests | parse-server | CWE-367 | 9.1 | - | 2026-03-24 |
| CVE-2026-33539 | Parse Server: SQL injection via aggregate and distinct field names in PostgreSQL adapter | parse-server | CWE-89 | 7.2 | - | 2026-03-24 |
| CVE-2026-33538 | Parse Server: Denial of service via unindexed database query for unconfigured auth providers | parse-server | CWE-400 | 7.5 | - | 2026-03-24 |
| CVE-2026-33527 | Parse Server: Session update endpoint allows overwriting server-generated session fields | parse-server | CWE-863 | 4.3 | - | 2026-03-24 |
| CVE-2026-33508 | Parse Server: LiveQuery subscription query depth bypass | parse-server | CWE-674 | 7.5 | - | 2026-03-24 |
| CVE-2026-33498 | Parse Server: Query condition depth bypass via pre-validation transform pipeline | parse-server | CWE-674 | 7.5 | - | 2026-03-24 |
| CVE-2026-33429 | Parse Server: Protected field change detection oracle via LiveQuery watch parameter | parse-server | CWE-203 | 3.7 | - | 2026-03-24 |
| CVE-2026-33421 | Parse Server: LiveQuery bypasses CLP pointer permission enforcement | parse-server | CWE-863 | 6.5 | - | 2026-03-24 |
| CVE-2026-33409 | Parse Server: Auth provider validation bypass on login via partial authData | parse-server | CWE-287 | 8.1 | - | 2026-03-24 |
| CVE-2026-33323 | Parse Server: Email verification resend page leaks user existence | parse-server | CWE-204 | 5.3 | - | 2026-03-24 |
| CVE-2026-33163 | Parse Server leaks protected fields via LiveQuery afterEvent trigger | parse-server | CWE-200 | 6.5 | - | 2026-03-18 |
| CVE-2026-33042 | Parse Server affected by empty authData bypassing credential requirement on signup | parse-server | CWE-287 | 7.5 | - | 2026-03-18 |
| CVE-2026-32944 | Parse Server crash via deeply nested query condition operators | parse-server | CWE-674 | 7.5 | - | 2026-03-18 |
| CVE-2026-32943 | Parse Server has a password reset token single-use bypass via concurrent requests | parse-server | CWE-367 | 7.4 | - | 2026-03-18 |
| CVE-2026-32886 | Parse Server's Cloud function dispatch crashes server via prototype chain traversal | parse-server | CWE-1321 | 7.5 | - | 2026-03-18 |
| CVE-2026-32878 | Parse Server vulnerable to schema poisoning via prototype pollution in deep copy | parse-server | CWE-1321 | 8.2 | - | 2026-03-18 |
| CVE-2026-32770 | Parse Server: LiveQuery subscription with invalid regular expression crashes server | parse-server | CWE-248 | 5.9 | Medium | 2026-03-18 |

This page lists every published CVE security advisory associated with parse-community. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.