Parcel — CVE history (npm)

Parcel

2 CVEs affect the Parcel npm package (highest CVSS 7.5). Latest disclosed: 2025-09-17. Full CVE history sourced from NVD.

Summary

Package
Parcel (npm)
Total CVEs
2
Actively exploited (CISA KEV)
0
Highest CVSS
7.5
Latest disclosed
2025-09-17

Recent CVEs (top 2)

CVESeverityCVSSKEVPublishedSummary
CVE-2025-56648Medium6.52025-09-17npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability.
CVE-2018-14731High7.52018-09-21An issue was discovered in HMRServer.js in Parcel parcel-bundler.

All-time worst (top 2 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2018-14731High7.52018-09-21An issue was discovered in HMRServer.js in Parcel parcel-bundler.
CVE-2025-56648Medium6.52025-09-17npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability.