Security Advisories · parse-community/parse-server · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Brute force guessing of user sensitive data via search patterns
GHSA-2m6g-crv8-p3c6 published Sep 2, 2022 by mtrezza

High
Command injection via prototype pollution
GHSA-p6h4-93qp-jhcm published Mar 11, 2022 by mtrezza

Critical
Auth adapter app ID validation may be circumvented
GHSA-r657-33vp-gp22 published Sep 20, 2022 by mtrezza

Low
LiveQuery publishes user session tokens
GHSA-7pr3-p5fm-8r9x published Sep 30, 2021 by mtrezza

High
Incorrect version tags linked to external repository
GHSA-593v-wcqx-hq2w published Sep 3, 2021 by davimacedo

Critical
Session object properties can be updated by foreign user if object ID is known
GHSA-6w4q-23cf-j9jp published Sep 20, 2022 by mtrezza

Moderate
Authentication provider credentials are usable across Parse Server apps
GHSA-837q-jhwx-cmpv published Mar 21, 2025 by mtrezza

Moderate
Server crashes with invalid explain query parameter
GHSA-xqp8-w826-hh6x published Sep 2, 2021 by mtrezza

High
New anonymous user session acts as if it's created with password
GHSA-23r4-5mxp-c7g5 published Aug 18, 2021 by mtrezza

Moderate
Receiving subscription objects with deleted session
GHSA-2xm2-xj2q-qgpj published Oct 21, 2020 by davimacedo

Moderate