parse-community — Vulnerabilities & Security Advisories 110

Browse all 110 CVE security advisories affecting parse-community. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Parse Community provides an open-source backend infrastructure designed to simplify mobile and web application development by offering ready-to-use APIs for data storage, user authentication, and push notifications. This framework allows developers to deploy their own servers, reducing reliance on proprietary third-party services. However, its widespread adoption has made it a frequent target for security researchers, resulting in over 110 recorded Common Vulnerabilities and Exposures (CVEs). Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or insecure default configurations in older versions. While the project maintains an active security response process, the sheer volume of past incidents highlights the complexity of maintaining secure, self-hosted environments. Users are strongly advised to keep installations updated and adhere to strict configuration guidelines to mitigate risks associated with these known vulnerabilities.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-22474 | Parse Server is vulnerable to authentication bypass via spoofing | parse-server | CWE-290 | 8.7 | High | 2023-02-03 |
| CVE-2022-39396 | Parse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser | parse-server | CWE-1321 | 9.8 | Critical | 2022-11-10 |
| CVE-2022-41878 | Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers | parse-server | CWE-74 | 7.2 | High | 2022-11-10 |
| CVE-2022-41879 | Parse Server subject to Prototype pollution via Cloud Code Webhooks | parse-server | CWE-1321 | 7.2 | High | 2022-11-10 |
| CVE-2022-39313 | Parse Server crashes when receiving file download request with invalid byte range | parse-server | CWE-1284 | 7.5 | High | 2022-10-24 |
| CVE-2022-39231 | Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented | parse-server | CWE-287 | 3.7 | Low | 2022-09-23 |
| CVE-2022-39225 | Parse Server subject to Incorrect Resource Transfer Between Spheres | parse-server | CWE-669 | 4.3 | Medium | 2022-09-23 |
| CVE-2022-36079 | Parse Server vulnerable to brute force guessing of user sensitive data via search patterns | parse-server | CWE-200 | 8.6 | High | 2022-09-07 |
| CVE-2022-31112 | Protected fields exposed via LiveQuery in parse-server | parse-server | CWE-200 | 8.2 | High | 2022-06-30 |
| CVE-2022-31089 | Invalid file request can crash parse-server | parse-server | CWE-706 | 7.5 | High | 2022-06-27 |
| CVE-2022-31083 | Authentication bypass in Parse Server Apple Game Center auth adapter | parse-server | CWE-287 | 8.6 | High | 2022-06-17 |
| CVE-2022-24901 | Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter | parse-server | CWE-295 | 7.5 | High | 2022-05-04 |
| CVE-2022-24760 | Command Injection in Parse server | parse-server | CWE-74 | 10.0 | Critical | 2022-03-11 |
| CVE-2021-41109 | LiveQuery publishes user session tokens | parse-server | CWE-200 | 7.5 | High | 2021-09-30 |
| CVE-2021-39187 | Crash server with query parameter | parse-server | CWE-74 | 7.5 | High | 2021-09-02 |
| CVE-2021-39138 | New anonymous user session acts as if it's created with password | parse-server | CWE-287 | 4.8 | Medium | 2021-08-18 |
| CVE-2020-26288 | Parse Server stores password in plain text | parse-server | CWE-312 | 7.7 | High | 2020-12-30 |
| CVE-2020-15270 | Improper session expiration in Parse Server | parse-server | CWE-672 | 4.3 | Medium | 2020-10-22 |
| CVE-2020-15126 | Information disclosure through Viewer query in parse-server | parse-server | CWE-863 | 6.5 | Medium | 2020-07-22 |
| CVE-2020-5251 | Information disclosure in parse-server | parse-server | CWE-285 | 7.7 | High | 2020-03-04 |

This page lists every published CVE security advisory associated with parse-community. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.