Vulnerabilities in parse-community
119 resultsCVE-2026-33627HIGHParse Server: Auth data exposed via /users/me endpointEPSS 0.4%CVE-2026-34784HIGHParse Server: Streaming file download bypasses afterFind file trigger authorizationEPSS 0.4%CVE-2025-30168MEDIUMParse Server has an OAuth login vulnerabilityEPSS 0.4%CVE-2025-62374MEDIUMParse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIsEPSS 0.4%CVE-2026-34363HIGHParse Server: LiveQuery protected field leak via shared mutable state across concurrent subscribersEPSS 0.4%CVE-2026-31872HIGHParse Server has a protected fields bypass via dot-notation in query and sortEPSS 0.4%CVE-2025-64502MEDIUMParse Server allows public `explain` queries which may expose sensitive database performance information and schema detailsEPSS 0.4%CVE-2026-30965CRITICALParse Server session token exfiltration via `redirectClassNameForKey` query parameterEPSS 0.4%CVE-2025-67727MEDIUMParse Server GitHub CI workflow vulnerable to RCE through Improper Privilege ManagementEPSS 0.4%CVE-2026-33508HIGHParse Server: LiveQuery subscription query depth bypassEPSS 0.3%CVE-2026-32878MEDIUMParse Server vulnerable to schema poisoning via prototype pollution in deep copyEPSS 0.3%CVE-2026-32594MEDIUMParse Server GraphQL WebSocket endpoint bypasses security middlewareEPSS 0.3%CVE-2026-50008MEDIUMParse Server: Server option routeAllowList is bypassable through batch sub-requestsEPSS 0.3%CVE-2026-30972MEDIUMParse Server has a rate limit bypass via batch request endpointEPSS 0.3%CVE-2026-27610HIGHParse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only SessionsEPSS 0.3%CVE-2026-30835MEDIUMParse Server: Malformed `$regex` query leaks database error details in API responseEPSS 0.3%CVE-2026-31800HIGHParse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routesEPSS 0.3%CVE-2026-30967HIGHParse Server OAuth2 authentication adapter account takeover via identity spoofingEPSS 0.3%CVE-2026-30228MEDIUMParse Server: File creation and deletion bypasses `readOnlyMasterKey` write restrictionEPSS 0.3%CVE-2026-33323MEDIUMParse Server: Email verification resend page leaks user existenceEPSS 0.3%