parse-community — Vulnerabilities & Security Advisories 110

Browse all 110 CVE security advisories affecting parse-community. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2026-30854 | Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled | parse-server | CWE-863 | 5.3 | - | 2026-03-07 |
| CVE-2026-30850 | Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization | parse-server | CWE-862 | 5.3 | - | 2026-03-07 |
| CVE-2026-30848 | Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory | parse-server | CWE-22 | 7.5 | - | 2026-03-07 |
| CVE-2026-30863 | Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters | parse-server | CWE-287 | 9.8 | - | 2026-03-07 |
| CVE-2026-30835 | Parse Server: Malformed `$regex` query leaks database error details in API response | parse-server | CWE-209 | 7.5 | - | 2026-03-06 |
| CVE-2026-30229 | Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user | parse-server | CWE-863 | 9.8 | - | 2026-03-06 |
| CVE-2026-30228 | Parse Server: File creation and deletion bypasses `readOnlyMasterKey` write restriction | parse-server | CWE-863 | 9.1 | - | 2026-03-06 |
| CVE-2026-29182 | Parse Server: Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction | parse-server | CWE-863 | 8.1 | - | 2026-03-06 |
| CVE-2026-27804 | Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter | parse-server | CWE-327 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27595 | Parse Dashboard has incomplete authentication on AI Agent endpoint | parse-dashboard | CWE-306 | 9.1 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27610 | Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions | parse-dashboard | CWE-1289 | 5.3 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27609 | Parse Dashboard Missing CSRF Protection on Agent Endpoint | parse-dashboard | CWE-352 | 8.8 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27608 | Parse Dashboard Missing Authorization on Agent Endpoint | parse-dashboard | CWE-862 | 8.8 (AI) | High (AI) | 2026-02-25 |
| CVE-2025-68150 | Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter | parse-server | CWE-918 | 9.1 (AI) | Critical (AI) | 2025-12-16 |
| CVE-2025-68115 | Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables | parse-server | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-12-16 |
| CVE-2025-67727 | Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management | parse-server | CWE-94 | 9.8 (AI) | Critical (AI) | 2025-12-12 |
| CVE-2025-64502 | Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details | parse-server | CWE-201 | 5.3 | - | 2025-11-10 |
| CVE-2025-64430 | Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format | parse-server | CWE-918 | 7.5 | High | 2025-11-07 |
| CVE-2025-62374 | Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs | Parse-SDK-JS | CWE-1321 | 6.4 | Medium | 2025-10-14 |
| CVE-2025-53364 | Parse Server exposes the data schema via GraphQL API | parse-server | CWE-497 | 5.3 | Medium | 2025-07-10 |
| CVE-2025-30168 | Parse Server has an OAuth login vulnerability | parse-server | CWE-287 | 6.9 | Medium | 2025-03-21 |
| CVE-2024-47183 | Parse Server's custom object ID allows to acquire role privileges | parse-server | CWE-285 | 8.1 | High | 2024-10-04 |
| CVE-2024-39309 | ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability | parse-server | CWE-288 | 9.8 | Critical | 2024-07-01 |
| CVE-2024-29027 | Parse Server crash and RCE via invalid Cloud Function or Cloud Job name | parse-server | CWE-74 | 9.1 | Critical | 2024-03-19 |
| CVE-2024-27298 | Parse Server literalizeRegexPart SQL Injection | parse-server | CWE-89 | 10.0 | Critical | 2024-03-01 |
| CVE-2023-46119 | Parse Server may crash when uploading file without extension | parse-server | CWE-23 | 7.5 | High | 2023-10-25 |
| CVE-2023-41058 | Trigger `beforeFind` not invoked in internal query pipeline in parse-server | parse-server | CWE-670 | 7.5 | High | 2023-09-04 |
| CVE-2023-36475 | Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution | parse-server | CWE-1321 | 9.8 | Critical | 2023-06-28 |
| CVE-2023-32689 | Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file | parse-server | CWE-434 | 6.3 | Medium | 2023-05-30 |
| CVE-2023-32688 | Invalid push request payload crashes Parse Server | parse-server-push-adapter | CWE-20 | 4.9 | Medium | 2023-05-27 |

This page lists every published CVE security advisory associated with parse-community. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.