Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/parse-community/parse-server
Parse Server for Node.js / Express
https://github.com/parse-community/parse-server
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: 3 months ago
GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o
Parse Server's custom object ID allows to acquire role privilegesEcosystems: npm
Packages: parse-server
Source: github
Published: 3 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: 6 months ago
GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass VulnerabilityEcosystems: npm
Packages: parse-server
Source: github
Published: 6 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: 9 months ago
GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job nameEcosystems: npm
Packages: parse-server
Source: github
Published: 9 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: 10 months ago
GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL InjectionEcosystems: npm
Packages: parse-server
Source: github
Published: 10 months ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 1 year ago
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extensionEcosystems: npm
Packages: parse-server
Source: github
Published: about 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointerEcosystems: npm
Packages: parse-server
Source: github
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: github
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR
Phishing attack vulnerability by uploading malicious HTML fileEcosystems: npm
Packages: parse-server
Source: github
Published: over 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: almost 2 years ago
GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe
Parse Server option `masterKeyIps` vulnerability to IP spoofingEcosystems: npm
Packages: parse-server
Source: github
Published: almost 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A
Parse Server is vulnerable to Prototype Pollution via Cloud Code WebhooksEcosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code TriggersEcosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP
parse-server crashes when receiving file download request with invalid byte rangeEcosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
Low
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumventedEcosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98
parse-server's session object properties can be updated by foreign user if object ID is knownEcosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I
Parse Server vulnerable to brute force guessing of user sensitive data via search patternsEcosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
GSA_kwCzR0hTQS1jcnJxLXZyOWotZnh4aM4AAtHz
Protected fields exposed via LiveQueryEcosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
GSA_kwCzR0hTQS14dzZnLWpqdmYtd3dmOc4AAs4W
Invalid file request can crash serverEcosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
GSA_kwCzR0hTQS1yaDlqLWY1ZjgtcnZnY84AArtc
Authentication bypass vulnerability in Apple Game Center auth adapterEcosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
GSA_kwCzR0hTQS1xZjh4LXZxanYtOTJncs3fnA
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapterEcosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: almost 3 years ago
GSA_kwCzR0hTQS1wNmg0LTkzcXAtamhjbc0yJA
Command injection in Parse Server through prototype pollutionEcosystems: npm
Packages: parse-server
Source: github
Published: almost 3 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 3 years ago
GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw
LiveQuery publishes user session tokens in parse-serverEcosystems: npm
Packages: parse-server
Source: github
Published: about 3 years ago
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 3 years ago
GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw
Incorrect version tags linked to external repositoryEcosystems: npm
Packages: parse-server
Source: github
Published: over 3 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 3 years ago
GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig
Parse Server crashes with query parameterEcosystems: npm
Packages: parse-server
Source: github
Published: over 3 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1
parse-server new anonymous user session acts as if it's created with passwordEcosystems: npm
Packages: parse-server
Source: github
Published: over 3 years ago
Low
Ecosystems: npm
Packages: parse-server
Source: github
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz
Parse Server stores password in plain textEcosystems: npm
Packages: parse-server
Source: github
Published: almost 4 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq
receiving subscription objects with deleted sessionEcosystems: npm
Packages: parse-server
Source: github
Published: about 4 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz
GraphQL: Security breach on Viewer queryEcosystems: npm
Packages: parse-server
Source: github
Published: over 4 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bWYtNzVoZi02N3c0
Information disclosure in parse-serverEcosystems: npm
Packages: parse-server
Source: github
Published: almost 5 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1
Sensitive Data Exposure in parse-serverEcosystems: npm
Packages: parse-server
Source: github
Published: over 5 years ago
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzktcXZ2Ny00N3Fx
Parse Server before v3.4.1 vulnerable to Denial of ServiceEcosystems: npm
Packages: parse-server
Source: github
Published: over 5 years ago