parse-server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2026-33538 | High | parse-server: Parse Server: Denial of Service via unindexed database query for unconfigured auth providers |
| CVE-2026-33527 | Medium | parse-server: Parse Server's Session Update endpoint allows overwriting server-generated session fields |
| CVE-2026-33508 | High | parse-server: Parse Server LiveQuery subscription query depth bypass |
| CVE-2026-33498 | High | parse-server: Parse Server has a query condition depth bypass via pre-validation transform pipeline |
| CVE-2026-33429 | Medium | parse-server: Parse Server has a protected field change detection oracle via LiveQuery watch parameter |
| CVE-2026-33421 | High | parse-server: Parse Server's LiveQuery bypasses CLP pointer permission enforcement |
| CVE-2026-33409 | High | parse-server: Parse Server has an auth provider validation bypass on login via partial authData |
| CVE-2026-33323 | Medium | parse-server: Parse Server email verification resend page leaks user existence |
| CVE-2026-33163 | High | parse-server: Parse Server leaks protected fields via LiveQuery afterEvent trigger |
| CVE-2026-33042 | Medium | parse-server: Parse Server affected by empty authData bypassing credential requirement on signup |
| CVE-2026-32770 | Medium | parse-server: Parse Server LiveQuery subscription with invalid regular expression crashes server |
| CVE-2026-32742 | Medium | parse-server: Parse Server session creation endpoint allows overwriting server-generated session fields |
| CVE-2026-32878 | Medium | parse-server: Parse Server vulnerable to schema poisoning via prototype pollution in deep copy |
| CVE-2026-32886 | High | parse-server: Parse Server's Cloud function dispatch crashes server via prototype chain traversal |
| CVE-2026-32943 | Low | parse-server: Parse Server has a password reset token single-use bypass via concurrent requests |
| CVE-2026-32944 | High | parse-server: Parse Server crash via deeply nested query condition operators |
| CVE-2026-32728 | High | parse-server: Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML… |
| CVE-2026-32594 | Medium | parse-server: Parse Server's GraphQL WebSocket endpoint bypasses security middleware |
| CVE-2026-32269 | Medium | parse-server: Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint |
| CVE-2026-32248 | Critical | parse-server: Parse Server: Account takeover via operator injection in authentication data identifier |
| CVE-2026-32242 | Critical | parse-server: Parse Server's OAuth2 adapter shares mutable state across providers via singleton instance |
| CVE-2026-32234 | Medium | parse-server: Parse Server has a SQL injection via query field name when using PostgreSQL |
| CVE-2026-32098 | Medium | parse-server: Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause |
| CVE-2026-31901 | Medium | parse-server: Parse Server vulnerable to user enumeration via email verification endpoint |
| CVE-2026-31875 | High | parse-server: Parse Server's MFA recovery codes not consumed after use |