GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10 advisories
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
Invalid file request can crash server
High
CVE-2022-31089
was published
for
parse-server
(npm)
Jun 20, 2022
Invalid push request payload crashes Parse Server
Moderate
CVE-2023-32688
was published
for
parse-server-push-adapter
(npm)
May 22, 2023
Phishing attack vulnerability by uploading malicious HTML file
Moderate
CVE-2023-32689
was published
for
parse-server
(npm)
May 31, 2023
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2023-36475
was published
for
parse-server
(npm)
Jun 30, 2023
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
High
CVE-2023-41058
was published
for
parse-server
(npm)
Sep 4, 2023
Parse Server may crash when uploading file without extension
High
CVE-2023-46119
was published
for
parse-server
(npm)
Oct 24, 2023
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Critical
CVE-2024-27298
was published
for
parse-server
(npm)
Mar 1, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Critical
CVE-2024-39309
was published
for
parse-server
(npm)
Jul 1, 2024
ProTip!
Advisories are also available from the
GraphQL API