Parcel — CVE history (npm)
Parcel
2 CVEs affect the Parcel npm package (highest CVSS 7.5). Latest disclosed: 2025-09-17. Full CVE history sourced from NVD.
Summary
- Package
Parcel(npm)- Total CVEs
2- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2025-09-17
Recent CVEs (top 2)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-56648 | Medium | 6.5 | — | 2025-09-17 | npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. |
CVE-2018-14731 | High | 7.5 | — | 2018-09-21 | An issue was discovered in HMRServer.js in Parcel parcel-bundler. |
All-time worst (top 2 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2018-14731 | High | 7.5 | — | 2018-09-21 | An issue was discovered in HMRServer.js in Parcel parcel-bundler. |
CVE-2025-56648 | Medium | 6.5 | — | 2025-09-17 | npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. |