Parse-community Parse-server
105 CVEs affecting Parse-community Parse-server. Latest disclosed: 2026-05-12. Critical: 7, High: 17.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-30966 | Critical | 10.0 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's inter… |
| CVE-2024-27298 | Critical | 10.0 | 2024-03-01 | parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. T… |
| CVE-2022-24760 | Critical | 10.0 | 2022-03-11 | Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This… |
| CVE-2024-39309 | Critical | 9.8 | 2024-07-01 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 al… |
| CVE-2023-36475 | Critical | 9.8 | 2023-06-28 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use… |
| CVE-2022-39396 | Critical | 9.8 | 2022-11-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5… |
| CVE-2024-29027 | Critical | 9.1 | 2024-03-19 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an… |
| CVE-2023-22474 | High | 8.7 | 2023-02-03 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for`… |
| CVE-2022-36079 | High | 8.6 | 2022-09-07 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server… |
| CVE-2022-31083 | High | 8.6 | 2022-06-17 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in… |
| CVE-2022-31112 | High | 8.2 | 2022-06-30 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not re… |
| CVE-2024-47183 | High | 8.1 | 2024-10-04 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is… |
| CVE-2020-26288 | High | 7.7 | 2020-12-30 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server be… |
| CVE-2020-5251 | High | 7.7 | 2020-03-04 | In parse-server before version 4.1.0, you can fetch all the user objects by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionT… |
| CVE-2025-64430 | High | 7.5 | 2025-11-07 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3… |
| CVE-2023-46119 | High | 7.5 | 2023-10-25 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without exte… |
| CVE-2023-41058 | High | 7.5 | 2023-09-04 | Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`… |
| CVE-2022-39313 | High | 7.5 | 2022-10-24 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5… |
| CVE-2022-31089 | High | 7.5 | 2022-06-27 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files req… |
| CVE-2022-24901 | High | 7.5 | 2022-05-04 | Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server v… |