Parse-server
This hub aggregates every CVE we track for Parse-server, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
108
CVEs tracked
18
Critical
46
High
0
In CISA KEV
Severity distribution
HIGH46MEDIUM39CRITICAL18LOW5
Monthly trend
0
0
1
0
0
0
0
1
0
0
0
1
0
0
0
1
3
0
1
65
3
1
2
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Parse-server.
- CVE-2021-47987Parse Server - Arbitrary Code Execution via Malicious Version Tags7.5
- CVE-2021-47986Parse Server - Unreviewed Code Execution via Malicious Version Tags7.5
- CVE-2026-43930Parse Server: MFA SMS one-time password accepted twice under concurrent login5.9
- CVE-2026-39381Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields`4.3
- CVE-2026-39321Parse Server has a login timing side-channel reveals user existence3.7
- CVE-2026-35200Parse Server has a file upload Content-Type override via extension mismatch5.4
- CVE-2026-34784Parse Server: Streaming file download bypasses afterFind file trigger authorization7.5
- CVE-2026-34215Parse Server: Auth data exposed via verify password endpoint6.5
- CVE-2026-34595Parse Server: LiveQuery protected-field guard bypass via array-like logical operator value4.3
- CVE-2026-34574Parse Server: Session field immutability bypass via falsy-value guard5.4
- CVE-2026-34573Parse Server: GraphQL complexity validator exponential fragment traversal DoS7.5
- CVE-2026-34532Parse Server: Cloud function validator bypass via prototype chain traversal9.1
- CVE-2026-34373Parse Server: GraphQL API endpoint ignores CORS origin restriction8.8
- CVE-2026-34363Parse Server: LiveQuery protected field leak via shared mutable state across concurrent subscribers5.3
- CVE-2026-34224Parse Server: MFA single-use token bypass via concurrent authData login requests4.4
Product normalization is registry-driven with AI assist and human review. How it works