-
-
Notifications
You must be signed in to change notification settings - Fork 4.8k
Security: parse-community/parse-server
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
LiveQuery publishes user session tokensGHSA-7pr3-p5fm-8r9x published
Sep 30, 2021 by mtrezzaHigh -
Incorrect version tags linked to external repositoryGHSA-593v-wcqx-hq2w published
Sep 3, 2021 by davimacedoCritical -
Session object properties can be updated by foreign user if object ID is knownGHSA-6w4q-23cf-j9jp published
Sep 20, 2022 by mtrezzaModerate -
Authentication provider credentials are usable across Parse Server appsGHSA-837q-jhwx-cmpv published
Mar 21, 2025 by mtrezzaModerate -
Server crashes with invalid explain query parameterGHSA-xqp8-w826-hh6x published
Sep 2, 2021 by mtrezzaHigh -
New anonymous user session acts as if it's created with passwordGHSA-23r4-5mxp-c7g5 published
Aug 18, 2021 by mtrezzaModerate -
Receiving subscription objects with deleted sessionGHSA-2xm2-xj2q-qgpj published
Oct 21, 2020 by davimacedoModerate -
GraphQL: Security breach on Viewer queryGHSA-236h-rqv8-8q73 published
Jul 22, 2020 by davimacedoHigh -
Regex VulnerabilitiesGHSA-h4mf-75hf-67w4 published
Mar 3, 2020 by acinaderCritical -
LDAP auth stores password in plain textGHSA-4w46-w44m-3jq3 published
Dec 2, 2020 by davimacedoLow