parse-community — Vulnerabilities & Security Advisories 110

Browse all 110 CVE security advisories affecting parse-community. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Parse Community provides an open-source backend infrastructure designed to simplify mobile and web application development by offering ready-to-use APIs for data storage, user authentication, and push notifications. This framework allows developers to deploy their own servers, reducing reliance on proprietary third-party services. However, its widespread adoption has made it a frequent target for security researchers, resulting in over 110 recorded Common Vulnerabilities and Exposures (CVEs). Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or insecure default configurations in older versions. While the project maintains an active security response process, the sheer volume of past incidents highlights the complexity of maintaining secure, self-hosted environments. Users are strongly advised to keep installations updated and adhere to strict configuration guidelines to mitigate risks associated with these known vulnerabilities.

Found 104 results / 110

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-39381 | Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields` — parse-server (CWE-863) | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39321 | Parse Server has a login timing side-channel reveals user existence — parse-server (CWE-208) | 4.8 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35200 | Parse Server has a file upload Content-Type override via extension mismatch — parse-server (CWE-436) | 8.2 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-34784 | Parse Server: Streaming file download bypasses afterFind file trigger authorization — parse-server (CWE-285) | 7.5 | - | 2026-03-31 |
| CVE-2026-34215 | Parse Server: Auth data exposed via verify password endpoint — parse-server (CWE-200) | 6.5 | - | 2026-03-31 |
| CVE-2026-34595 | Parse Server: LiveQuery protected-field guard bypass via array-like logical operator value — parse-server (CWE-843) | 8.8 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34574 | Parse Server: Session field immutability bypass via falsy-value guard — parse-server (CWE-697) | 7.1 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34573 | Parse Server: GraphQL complexity validator exponential fragment traversal DoS — parse-server (CWE-407) | 7.5 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34532 | Parse Server: Cloud function validator bypass via prototype chain traversal — parse-server (CWE-863) | 9.1 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-34373 | Parse Server: GraphQL API endpoint ignores CORS origin restriction — parse-server (CWE-346) | 8.2 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34363 | Parse Server: LiveQuery protected field leak via shared mutable state across concurrent subscribers — parse-server (CWE-362) | 7.5 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34224 | Parse Server: MFA single-use token bypass via concurrent authData login requests — parse-server (CWE-367) | 8.2 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-33627 | Parse Server: Auth data exposed via /users/me endpoint — parse-server (CWE-200) | 8.1 | - | 2026-03-24 |
| CVE-2026-33624 | Parse Server: MFA recovery code single-use bypass via concurrent requests — parse-server (CWE-367) | 9.1 | - | 2026-03-24 |
| CVE-2026-33539 | Parse Server: SQL injection via aggregate and distinct field names in PostgreSQL adapter — parse-server (CWE-89) | 7.2 | - | 2026-03-24 |
| CVE-2026-33538 | Parse Server: Denial of service via unindexed database query for unconfigured auth providers — parse-server (CWE-400) | 7.5 | - | 2026-03-24 |
| CVE-2026-33527 | Parse Server: Session update endpoint allows overwriting server-generated session fields — parse-server (CWE-863) | 4.3 | - | 2026-03-24 |
| CVE-2026-33508 | Parse Server: LiveQuery subscription query depth bypass — parse-server (CWE-674) | 7.5 | - | 2026-03-24 |
| CVE-2026-33498 | Parse Server: Query condition depth bypass via pre-validation transform pipeline — parse-server (CWE-674) | 7.5 | - | 2026-03-24 |
| CVE-2026-33429 | Parse Server: Protected field change detection oracle via LiveQuery watch parameter — parse-server (CWE-203) | 3.7 | - | 2026-03-24 |
| CVE-2026-33421 | Parse Server: LiveQuery bypasses CLP pointer permission enforcement — parse-server (CWE-863) | 6.5 | - | 2026-03-24 |
| CVE-2026-33409 | Parse Server: Auth provider validation bypass on login via partial authData — parse-server (CWE-287) | 8.1 | - | 2026-03-24 |
| CVE-2026-33323 | Parse Server: Email verification resend page leaks user existence — parse-server (CWE-204) | 5.3 | - | 2026-03-24 |
| CVE-2026-33163 | Parse Server leaks protected fields via LiveQuery afterEvent trigger — parse-server (CWE-200) | 6.5 | - | 2026-03-18 |
| CVE-2026-33042 | Parse Server affected by empty authData bypassing credential requirement on signup — parse-server (CWE-287) | 7.5 | - | 2026-03-18 |
| CVE-2026-32944 | Parse Server crash via deeply nested query condition operators — parse-server (CWE-674) | 7.5 | - | 2026-03-18 |
| CVE-2026-32943 | Parse Server has a password reset token single-use bypass via concurrent requests — parse-server (CWE-367) | 7.4 | - | 2026-03-18 |
| CVE-2026-32886 | Parse Server's Cloud function dispatch crashes server via prototype chain traversal — parse-server (CWE-1321) | 7.5 | - | 2026-03-18 |
| CVE-2026-32878 | Parse Server vulnerable to schema poisoning via prototype pollution in deep copy — parse-server (CWE-1321) | 8.2 | - | 2026-03-18 |
| CVE-2026-32770 | Parse Server: LiveQuery subscription with invalid regular expression crashes server — parse-server (CWE-248) | 5.9 | Medium | 2026-03-18 |

This page lists every published CVE security advisory associated with parse-community. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.