parse-server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-31872 | High | parse-server: Parse Server has a protected fields bypass via dot-notation in query and sort |
| CVE-2026-31871 | Critical | parse-server: Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on… |
| CVE-2026-31868 | Medium | parse-server: Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types |
| CVE-2026-31856 | Critical | parse-server: Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in… |
| CVE-2026-31828 | Medium | parse-server: Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter… |
| CVE-2026-31800 | High | parse-server: Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes |
| CVE-2026-30972 | Medium | parse-server: Parse Server has a rate limit bypass via batch request endpoint |
| CVE-2026-30967 | High | parse-server: Parse Server OAuth2 authentication adapter account takeover via identity spoofing |
| CVE-2026-30966 | Critical | parse-server: Parse Server has role escalation and CLP bypass via direct `_Join` table write |
| CVE-2026-30965 | Critical | parse-server: Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter |
| CVE-2026-30962 | High | parse-server: Parse Server has a protected fields bypass via logical query operators |
| CVE-2026-30949 | High | parse-server: Parse Server missing audience validation in Keycloak authentication adapter |
| CVE-2026-30948 | High | parse-server: Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload |
| CVE-2026-30947 | High | parse-server: Parse Server has a bypass of class-level permissions in LiveQuery |
| CVE-2026-30946 | High | parse-server: Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API |
| CVE-2026-30941 | High | parse-server: Parse Server has a NoSQL injection via token type in password reset and email verification endpoints |
| CVE-2026-31840 | Critical | parse-server: Parse Server: SQL injection via dot-notation field name in PostgreSQL |
| CVE-2026-30939 | High | parse-server: Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain… |
| CVE-2026-30938 | Medium | parse-server: Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object… |
| CVE-2026-30925 | High | parse-server: Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery |
| CVE-2026-30863 | Critical | parse-server: Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters |
| CVE-2026-30854 | Medium | parse-server: Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection… |
| CVE-2026-30850 | Medium | parse-server: Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization |
| CVE-2026-30848 | Medium | parse-server: Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory |
| CVE-2026-30835 | Medium | parse-server: parse-server: Malformed `$regex` query leaks database error details in API response |
