{"url":"http://public2.vulnerablecode.io/api/packages/238069?format=json","purl":"pkg:npm/parse-server@2.6.3","type":"npm","namespace":"","name":"parse-server","version":"2.6.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.6.76","latest_non_vulnerable_version":"9.9.1-alpha.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50835?format=json","vulnerability_id":"VCID-1j65-rdzh-6bc3","summary":"Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL\nA SQL injection vulnerability exists in the PostgreSQL storage adapter when processing `Increment` operations on nested object fields using dot notation (e.g., `stats.counter`). The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write requests to the Parse Server REST API can inject arbitrary SQL via a crafted sub-key name containing single quotes, potentially executing commands or reading data from the database, bypassing CLPs and ACLs.\n\nOnly Postgres deployments are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31871","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13276","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13229","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13198","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13317","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13313","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31871"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.31","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:09:48Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.31"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.5","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:09:48Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31871","reference_id":"CVE-2026-31871","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31871"},{"reference_url":"https://github.com/advisories/GHSA-gqpp-xgvh-9h7h","reference_id":"GHSA-gqpp-xgvh-9h7h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gqpp-xgvh-9h7h"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-gqpp-xgvh-9h7h","reference_id":"GHSA-gqpp-xgvh-9h7h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:09:48Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-gqpp-xgvh-9h7h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74709?format=json","purl":"pkg:npm/parse-server@8.6.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.31"},{"url":"http://public2.vulnerablecode.io/api/packages/74708?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.5"}],"aliases":["CVE-2026-31871","GHSA-gqpp-xgvh-9h7h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1j65-rdzh-6bc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45942?format=json","vulnerability_id":"VCID-2h23-n9we-rbdj","summary":"Always-Incorrect Control Flow Implementation\nParse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the incoming query. The vulnerability has been fixed by refactoring the internal query pipeline for a more concise code structure and implementing a patch to ensure the `beforeFind` trigger is invoked. This fix was introduced in commit `be4c7e23c6` and has been included in releases 6.2.2 and 5.5.5. Users are advised to upgrade. Users unable to upgrade should make use of parse server's security layers to manage access levels with Class-Level Permissions and Object-Level Access Control that should be used instead of custom security layers in Cloud Code triggers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41058","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50474","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50462","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50444","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50494","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50487","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41058"},{"reference_url":"https://docs.parseplatform.org/parse-server/guide/#security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://docs.parseplatform.org/parse-server/guide/#security"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.5.5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.5.5"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.2.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.2.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41058","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41058"},{"reference_url":"https://github.com/advisories/GHSA-fcv6-fg5r-jm9q","reference_id":"GHSA-fcv6-fg5r-jm9q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcv6-fg5r-jm9q"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q","reference_id":"GHSA-fcv6-fg5r-jm9q","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66762?format=json","purl":"pkg:npm/parse-server@5.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/660261?format=json","purl":"pkg:npm/parse-server@6.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/66763?format=json","purl":"pkg:npm/parse-server@6.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/660266?format=json","purl":"pkg:npm/parse-server@6.3.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.3.0-alpha.1"}],"aliases":["CVE-2023-41058","GHSA-fcv6-fg5r-jm9q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2h23-n9we-rbdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52306?format=json","vulnerability_id":"VCID-2sjs-7xx9-g3ej","summary":"Incorrect Authorization\nIn parser-server, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on `sessionToken` and find valid accounts this way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5251","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54744","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54702","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5476","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5477","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54764","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5251"},{"reference_url":"https://github.com/parse-community/parse-server/commit/3a3a5eee5ffa48da1352423312cb767de14de269","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/3a3a5eee5ffa48da1352423312cb767de14de269"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-h4mf-75hf-67w4","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-h4mf-75hf-67w4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5251","reference_id":"CVE-2020-5251","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5251"},{"reference_url":"https://github.com/advisories/GHSA-h4mf-75hf-67w4","reference_id":"GHSA-h4mf-75hf-67w4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4mf-75hf-67w4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76813?format=json","purl":"pkg:npm/parse-server@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-b4yy-2spz-mfdc"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-dews-z3yj-z7a4"},{"vulnerability":"VCID-e17g-g7qf-87fm"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-et7n-g719-z3cc"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gje7-sy9t-pbcz"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-vqqp-ywsb-bbhv"},{"vulnerability":"VCID-vvhm-y6vy-eydm"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.1.0"}],"aliases":["CVE-2020-5251","GHSA-h4mf-75hf-67w4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sjs-7xx9-g3ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110412?format=json","vulnerability_id":"VCID-3aau-zxk4-muaq","summary":"Protected fields exposed via LiveQuery\n### Impact\n\nParse Server LiveQuery does not remove protected fields in classes, passing them to the client.\n\n### Patches\nThe LiveQueryController now removes protected fields from the client response.\n\n### Workarounds\nUse `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.\n\n### References\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh\n- https://github.com/parse-community/parse-server\n\n### For more information\nIf you have any questions or comments about this advisory:\n- For questions or comments about this vulnerability visit our [community forum](http://community.parseplatform.org/) or [community chat](http://chat.parseplatform.org/)\n- Report other vulnerabilities at [report.parseplatform.org](https://report.parseplatform.org/)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31112","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69696","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69746","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69725","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69735","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69744","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69736","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31112"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/054f3e6ab01d66a0dcfb77725af28eac1485b375","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/054f3e6ab01d66a0dcfb77725af28eac1485b375"},{"reference_url":"https://github.com/parse-community/parse-server/commit/309f64ced8700321df056fb3cc97f15007a00df1","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/commit/309f64ced8700321df056fb3cc97f15007a00df1"},{"reference_url":"https://github.com/parse-community/parse-server/commit/9fd4516cde5c742f9f29dd05468b4a43a85639a6","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/commit/9fd4516cde5c742f9f29dd05468b4a43a85639a6"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8073","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8073"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8074","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/pull/8074"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.2.4","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.2.4"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31112","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31112"},{"reference_url":"https://github.com/advisories/GHSA-crrq-vr9j-fxxh","reference_id":"GHSA-crrq-vr9j-fxxh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crrq-vr9j-fxxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149051?format=json","purl":"pkg:npm/parse-server@4.10.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.13"},{"url":"http://public2.vulnerablecode.io/api/packages/593540?format=json","purl":"pkg:npm/parse-server@5.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/149052?format=json","purl":"pkg:npm/parse-server@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/593542?format=json","purl":"pkg:npm/parse-server@5.3.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.3.0-alpha.1"}],"aliases":["CVE-2022-31112","GHSA-crrq-vr9j-fxxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3aau-zxk4-muaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50871?format=json","vulnerability_id":"VCID-3pbu-nwcc-hydn","summary":"Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types\nAn attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server `fileUpload.fileExtensions` option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its URL, the browser renders the file and executes the malicious code in the context of the Parse Server domain. This is a stored Cross-Site Scripting (XSS) vulnerability that can be exploited to steal session tokens, redirect users, or perform actions on behalf of other users.\n\nAffected file extensions and content types include `.svgz`, `.xht`, `.xml`, `.xsl`, `.xslt`, and content types `application/xhtml+xml` and `application/xslt+xml` for extensionless uploads. Uploading of `.html`, `.htm`, `.shtml`, `.xhtml`, and `.svg` files was already blocked.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31868","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19994","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19945","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19928","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20032","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20038","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31868"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.30","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:10:45Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.30"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:10:45Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31868","reference_id":"CVE-2026-31868","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31868"},{"reference_url":"https://github.com/advisories/GHSA-v5hf-f4c3-m5rv","reference_id":"GHSA-v5hf-f4c3-m5rv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v5hf-f4c3-m5rv"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-v5hf-f4c3-m5rv","reference_id":"GHSA-v5hf-f4c3-m5rv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:10:45Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-v5hf-f4c3-m5rv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74828?format=json","purl":"pkg:npm/parse-server@8.6.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.30"},{"url":"http://public2.vulnerablecode.io/api/packages/74827?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.4"}],"aliases":["CVE-2026-31868","GHSA-v5hf-f4c3-m5rv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pbu-nwcc-hydn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50824?format=json","vulnerability_id":"VCID-4geq-pnnp-3fd8","summary":"Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery\nA malicious client can subscribe to a LiveQuery with a crafted `$regex` pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the entire Parse Server unresponsive, affecting all clients. Any Parse Server deployment with LiveQuery enabled is affected. The attacker only needs the application ID and JavaScript key, both of which are public in client-side apps.\n\nThis only affects LiveQuery subscription matching, which evaluates regex in JavaScript on the Node.js event loop. Normal REST and GraphQL queries are not affected because their regex is evaluated by the database engine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30925","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0604","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06017","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05992","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06044","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06056","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30925"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.11","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:08:58Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.11"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.14","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:08:58Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30925","reference_id":"CVE-2026-30925","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30925"},{"reference_url":"https://github.com/advisories/GHSA-mf3j-86qx-cq5j","reference_id":"GHSA-mf3j-86qx-cq5j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mf3j-86qx-cq5j"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-mf3j-86qx-cq5j","reference_id":"GHSA-mf3j-86qx-cq5j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:08:58Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-mf3j-86qx-cq5j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74672?format=json","purl":"pkg:npm/parse-server@8.6.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.11"},{"url":"http://public2.vulnerablecode.io/api/packages/74671?format=json","purl":"pkg:npm/parse-server@9.5.0-alpha.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.14"}],"aliases":["CVE-2026-30925","GHSA-mf3j-86qx-cq5j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4geq-pnnp-3fd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50878?format=json","vulnerability_id":"VCID-51jb-xry5-5qc2","summary":"Parse Server has a protected fields bypass via dot-notation in query and sort\nThe `protectedFields` class-level permission (CLP) can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values.\n\nThis affects both MongoDB and PostgreSQL deployments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31872","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15452","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15575","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15585","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15478","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15535","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31872"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.32","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:09:09Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.32"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.6","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:09:09Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31872","reference_id":"CVE-2026-31872","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31872"},{"reference_url":"https://github.com/advisories/GHSA-r2m8-pxm9-9c4g","reference_id":"GHSA-r2m8-pxm9-9c4g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r2m8-pxm9-9c4g"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-r2m8-pxm9-9c4g","reference_id":"GHSA-r2m8-pxm9-9c4g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:09:09Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-r2m8-pxm9-9c4g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74840?format=json","purl":"pkg:npm/parse-server@8.6.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.32"},{"url":"http://public2.vulnerablecode.io/api/packages/74839?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.6"}],"aliases":["CVE-2026-31872","GHSA-r2m8-pxm9-9c4g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51jb-xry5-5qc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110713?format=json","vulnerability_id":"VCID-5jge-ymnm-dkgy","summary":"Authentication bypass vulnerability in Apple Game Center auth adapter\n### Impact\nThe certificate in Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object.\n\n### Patches\nTo prevent this, a new `rootCertificateUrl` property is introduced to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the [current root certificate](https://developer.apple.com/news/?id=stttq465) as of May 27, 2022.\n\nKeep in mind that the root certificate can change at any time (expected to be announced by Apple) and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter.\n\n### Workarounds\nNone.\n\n### References\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc\n- https://developer.apple.com/news/?id=stttq465\n- https://github.com/parse-community/parse-server\n\n### More information\n* For questions or comments about this vulnerability visit our [community forum](http://community.parseplatform.org) or [community chat](http://chat.parseplatform.org)\n* Report other vulnerabilities at [report.parseplatform.org](https://report.parseplatform.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31083","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38699","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38681","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38671","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38634","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38727","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38724","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31083"},{"reference_url":"https://developer.apple.com/news/?id=stttq465","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/"}],"url":"https://developer.apple.com/news/?id=stttq465"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/"}],"url":"https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8054","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/"}],"url":"https://github.com/parse-community/parse-server/pull/8054"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31083","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31083"},{"reference_url":"https://github.com/advisories/GHSA-rh9j-f5f8-rvgc","reference_id":"GHSA-rh9j-f5f8-rvgc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rh9j-f5f8-rvgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149424?format=json","purl":"pkg:npm/parse-server@4.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.11"},{"url":"http://public2.vulnerablecode.io/api/packages/593540?format=json","purl":"pkg:npm/parse-server@5.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/149425?format=json","purl":"pkg:npm/parse-server@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/593542?format=json","purl":"pkg:npm/parse-server@5.3.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.3.0-alpha.1"}],"aliases":["CVE-2022-31083","GHSA-rh9j-f5f8-rvgc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jge-ymnm-dkgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91315?format=json","vulnerability_id":"VCID-5tkj-suz2-hyf2","summary":"Parse Server affected by empty authData bypassing credential requirement on signup\n### Impact\n\nA user can sign up without providing credentials by sending an empty `authData` object, bypassing the username and password requirement. This allows the creation of authenticated sessions without proper credentials, even when anonymous users are disabled.\n\n### Patches\n\nThe fix ensures that empty or non-actionable `authData` is treated the same as absent `authData` for the purpose of credential validation on new user creation. Username and password are now required when no valid auth provider data is present.\n\n### Workarounds\n\nUse a Cloud Code `beforeSave` trigger on the `_User` class to reject signups where `authData` is empty and no username/password is provided.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33042","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02004","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01985","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01991","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02015","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02007","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33042"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10219","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:10:06Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10219"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10220","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:10:06Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10220"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-wjqw-r9x4-j59v","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:10:06Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-wjqw-r9x4-j59v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33042","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33042"},{"reference_url":"https://github.com/advisories/GHSA-wjqw-r9x4-j59v","reference_id":"GHSA-wjqw-r9x4-j59v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wjqw-r9x4-j59v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113424?format=json","purl":"pkg:npm/parse-server@8.6.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.49"},{"url":"http://public2.vulnerablecode.io/api/packages/113422?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.29"}],"aliases":["CVE-2026-33042","GHSA-wjqw-r9x4-j59v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkj-suz2-hyf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50903?format=json","vulnerability_id":"VCID-5tn5-f5x6-afbh","summary":"Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause\nAn attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field (including via dot-notation or `$regex`), the attacker can observe whether LiveQuery events are delivered for matching objects. This creates a boolean oracle that leaks protected field values. The attack affects any class that has both `protectedFields` configured in Class-Level Permissions and LiveQuery enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32098","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16416","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.164","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16526","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16523","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32098"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.35","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:52:46Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.35"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.9","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:52:46Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32098","reference_id":"CVE-2026-32098","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32098"},{"reference_url":"https://github.com/advisories/GHSA-j7mm-f4rv-6q6q","reference_id":"GHSA-j7mm-f4rv-6q6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j7mm-f4rv-6q6q"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-j7mm-f4rv-6q6q","reference_id":"GHSA-j7mm-f4rv-6q6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:52:46Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-j7mm-f4rv-6q6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74861?format=json","purl":"pkg:npm/parse-server@8.6.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.35"},{"url":"http://public2.vulnerablecode.io/api/packages/74860?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.9"}],"aliases":["CVE-2026-32098","GHSA-j7mm-f4rv-6q6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tn5-f5x6-afbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49449?format=json","vulnerability_id":"VCID-5web-hc9c-kbhe","summary":"Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables\nA Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68115","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07329","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07296","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07285","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07349","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07343","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68115"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9985","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-16T21:15:05Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9985"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9986","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-16T21:15:05Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9986"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68115","reference_id":"CVE-2025-68115","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68115"},{"reference_url":"https://github.com/advisories/GHSA-jhgf-2h8h-ggxv","reference_id":"GHSA-jhgf-2h8h-ggxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jhgf-2h8h-ggxv"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv","reference_id":"GHSA-jhgf-2h8h-ggxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-16T21:15:05Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72999?format=json","purl":"pkg:npm/parse-server@8.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/73000?format=json","purl":"pkg:npm/parse-server@9.1.0-alpha.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.1.0-alpha.3"}],"aliases":["CVE-2025-68115","GHSA-jhgf-2h8h-ggxv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5web-hc9c-kbhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50770?format=json","vulnerability_id":"VCID-67gc-6w6e-rkcg","summary":"Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory\nThe `PagesRouter` static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured `pagesPath` directory. The boundary check uses a string prefix comparison without enforcing a directory separator boundary. An attacker can use path traversal sequences to access files in sibling directories whose names share the same prefix as the pages directory (e.g. `pages-secret` starts with `pages`).\n\nThis affects any Parse Server deployment with the `pages` feature enabled (`pages.enableRouter: true`). Exploitation requires a sibling directory of `pagesPath` whose name begins with the same string as the pages directory name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30848","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06427","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06483","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06489","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06435","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06473","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30848"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30848","reference_id":"CVE-2026-30848","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30848"},{"reference_url":"https://github.com/advisories/GHSA-hm3f-q6rw-m6wh","reference_id":"GHSA-hm3f-q6rw-m6wh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm3f-q6rw-m6wh"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-hm3f-q6rw-m6wh","reference_id":"GHSA-hm3f-q6rw-m6wh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T17:38:49Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-hm3f-q6rw-m6wh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74564?format=json","purl":"pkg:npm/parse-server@8.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/74565?format=json","purl":"pkg:npm/parse-server@9.5.0-alpha.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fdvb-gy4j-6qcn"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.8"}],"aliases":["CVE-2026-30848","GHSA-hm3f-q6rw-m6wh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67gc-6w6e-rkcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90996?format=json","vulnerability_id":"VCID-6bmy-ymay-zfdm","summary":"Parse Server vulnerable to schema poisoning via prototype pollution in deep copy\n### Impact\n\nAn attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits prototype pollution in the deep copy mechanism. This allows injecting fields into class schemas that have field addition locked down, and can cause permanent schema type conflicts that cannot be resolved even with the master key.\n\n### Patches\n\nThe vulnerable third-party deep copy library has been replaced with a built-in deep clone mechanism that handles prototype properties safely, allowing the existing denylist check to correctly detect and reject the prohibited keyword.\n\n### Workarounds\n\nNone.\n\n### Vulnerability Independence\n\nThis vulnerability is not caused by or dependent on a vulnerability in a third-party dependency.\n\nThe third-party `deepcopy` library that was replaced in the fix has no known CVE or security advisory regarding this. The library functions as designed. It is not vulnerable.\n\nThe vulnerability is in parse-server's own request processing logic. Parse-server's security-critical keyword denylist check runs after the deep copy step in the request pipeline. The deep copy step strips `__proto__` properties as a normal part of its cloning behavior, which means the denylist check never sees the prohibited key. This allows an attacker to bypass both the denylist protection and class-level permissions for adding fields, resulting in schema poisoning.\n\nThe root cause is parse-server's reliance on a cloning mechanism that alters the shape of the data before the security check can inspect it. This is a logic flaw in parse-server's security pipeline, not a vulnerability in a dependency. Replacing the cloning mechanism was the fix for parse-server's own bug.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32878","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03592","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03616","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.036","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0361","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32878"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10200","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:13:21Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10200"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10201","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:13:21Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10201"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9ccr-fpp6-78qf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:13:21Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9ccr-fpp6-78qf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32878","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32878"},{"reference_url":"https://github.com/advisories/GHSA-9ccr-fpp6-78qf","reference_id":"GHSA-9ccr-fpp6-78qf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9ccr-fpp6-78qf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112995?format=json","purl":"pkg:npm/parse-server@8.6.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.44"},{"url":"http://public2.vulnerablecode.io/api/packages/112994?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.20"}],"aliases":["CVE-2026-32878","GHSA-9ccr-fpp6-78qf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bmy-ymay-zfdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109039?format=json","vulnerability_id":"VCID-6n48-nv1g-6uc2","summary":"parse-server's session object properties can be updated by foreign user if object ID is known\n### Impact\n\nA foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the `user` field and then read any custom fields of that session object.\n\nNote that assigning a session to a foreign user does not usually change the privileges of neither of the two users, according to how Parse Server uses session objects internally. However, if custom logic is used to relate specific session objects to privileges this vulnerability may have a higher level of severity.\n\nThe vulnerability does not allow a foreign user to assign a session object to themselves, read the session token, and then reassign the session object to the original user to then authenticate as that user with the known session token. The vulnerability only exists for foreign session objects, a user cannot assign their own session to another user.\n\nWhile it is unlikely that the session object ID of another user is known, it is possible to brute-force guess an object ID, even though the attacker would not know to which user a successfully guessed session object ID belongs.\n\n### Patches\n\nThe fix prevents writing to foreign session objects, even if the session object ID is known.\n\n### Workarounds\n\nAdd a `beforeSave` trigger to the `_Session` class and prevent writing if the requesting user is different from the user in the session object.\n\n### References\n\n- GitHub advisory [GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39225","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44763","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44839","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44833","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.448","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44788","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44818","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39225"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/37fed3062ccc3ef1dfd49a9fc53318e72b3e4aff","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/37fed3062ccc3ef1dfd49a9fc53318e72b3e4aff"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.15","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.15"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.2.6","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.2.6"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:18Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39225","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39225"},{"reference_url":"https://github.com/advisories/GHSA-6w4q-23cf-j9jp","reference_id":"GHSA-6w4q-23cf-j9jp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6w4q-23cf-j9jp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145579?format=json","purl":"pkg:npm/parse-server@4.10.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.15"},{"url":"http://public2.vulnerablecode.io/api/packages/145580?format=json","purl":"pkg:npm/parse-server@5.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.6"}],"aliases":["CVE-2022-39225","GHSA-6w4q-23cf-j9jp","GMS-2022-4383"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6n48-nv1g-6uc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43261?format=json","vulnerability_id":"VCID-6r8m-wpe8-xfhq","summary":"Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter\nImproper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24901","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35249","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35187","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35295","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35305","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35269","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35228","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24901"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/af4a0417a9f3c1e99b3793806b4b18e04d9fa999","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/af4a0417a9f3c1e99b3793806b4b18e04d9fa999"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24901","reference_id":"CVE-2022-24901","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24901"},{"reference_url":"https://github.com/advisories/GHSA-qf8x-vqjv-92gr","reference_id":"GHSA-qf8x-vqjv-92gr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qf8x-vqjv-92gr"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr","reference_id":"GHSA-qf8x-vqjv-92gr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:08Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61957?format=json","purl":"pkg:npm/parse-server@4.10.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.10"},{"url":"http://public2.vulnerablecode.io/api/packages/61958?format=json","purl":"pkg:npm/parse-server@5.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.1"}],"aliases":["CVE-2022-24901","GHSA-qf8x-vqjv-92gr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r8m-wpe8-xfhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44343?format=json","vulnerability_id":"VCID-7ne4-7a82-9yfx","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22474","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49243","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49218","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49206","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49182","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49253","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22474"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/e016d813e083ce6828f9abce245d15b681a224d8","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T17:36:20Z/"}],"url":"https://github.com/parse-community/parse-server/commit/e016d813e083ce6828f9abce245d15b681a224d8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22474","reference_id":"CVE-2023-22474","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22474"},{"reference_url":"https://github.com/advisories/GHSA-vm5r-c87r-pf6x","reference_id":"GHSA-vm5r-c87r-pf6x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm5r-c87r-pf6x"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vm5r-c87r-pf6x","reference_id":"GHSA-vm5r-c87r-pf6x","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T17:36:20Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vm5r-c87r-pf6x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63830?format=json","purl":"pkg:npm/parse-server@5.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.4.1"}],"aliases":["CVE-2023-22474","GHSA-vm5r-c87r-pf6x","GMS-2023-196"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ne4-7a82-9yfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50852?format=json","vulnerability_id":"VCID-7spb-rcbx-w7gn","summary":"Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL\nA SQL injection vulnerability exists in the PostgreSQL storage adapter when processing `Increment` operations on nested object fields using dot notation (e.g., `stats.counter`). The `amount` value is interpolated directly into the SQL query without parameterization or type validation. An attacker who can send write requests to the Parse Server REST API can inject arbitrary SQL subqueries to read any data from the database, bypassing CLPs and ACLs.\n\nMongoDB deployments are not affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31856","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13198","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13317","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13313","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13229","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13276","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31856"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.29","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:11:18Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.29"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.3","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:11:18Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31856","reference_id":"CVE-2026-31856","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31856"},{"reference_url":"https://github.com/advisories/GHSA-q3vj-96h2-gwvg","reference_id":"GHSA-q3vj-96h2-gwvg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3vj-96h2-gwvg"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-q3vj-96h2-gwvg","reference_id":"GHSA-q3vj-96h2-gwvg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:11:18Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-q3vj-96h2-gwvg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74771?format=json","purl":"pkg:npm/parse-server@8.6.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.29"},{"url":"http://public2.vulnerablecode.io/api/packages/74770?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.3"}],"aliases":["CVE-2026-31856","GHSA-q3vj-96h2-gwvg"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7spb-rcbx-w7gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41095?format=json","vulnerability_id":"VCID-7xdu-ex7w-bkav","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nparse-server before 3.4.1 allows DoS after any POST to a volatile class.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1020012","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56603","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56601","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56583","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56598","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56609","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.5655","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1020012"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-PARSESERVER-455635","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-PARSESERVER-455635"},{"reference_url":"https://www.npmjs.com/advisories/1113","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1113"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1020012","reference_id":"CVE-2019-1020012","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1020012"},{"reference_url":"https://github.com/advisories/GHSA-2479-qvv7-47qq","reference_id":"GHSA-2479-qvv7-47qq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2479-qvv7-47qq"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq","reference_id":"GHSA-2479-qvv7-47qq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58229?format=json","purl":"pkg:npm/parse-server@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-2sjs-7xx9-g3ej"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-b4yy-2spz-mfdc"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-et7n-g719-z3cc"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gje7-sy9t-pbcz"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-syb7-kvv3-47gm"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-vqqp-ywsb-bbhv"},{"vulnerability":"VCID-vvhm-y6vy-eydm"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@3.4.1"}],"aliases":["CVE-2019-1020012","GHSA-2479-qvv7-47qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xdu-ex7w-bkav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50828?format=json","vulnerability_id":"VCID-7xk3-yn6w-nfd1","summary":"Parse Server has a rate limit bypass via batch request endpoint\nParse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint (`/batch`) processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle multiple requests targeting a rate-limited endpoint into a single batch request to circumvent the configured rate limit.\n\nAny Parse Server deployment that relies on the built-in rate limiting feature is affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30972","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19453","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19408","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19383","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19496","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19502","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30972"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.23","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:53:44Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.23"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.10","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:53:44Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.10"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30972","reference_id":"CVE-2026-30972","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30972"},{"reference_url":"https://github.com/advisories/GHSA-775h-3xrc-c228","reference_id":"GHSA-775h-3xrc-c228","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-775h-3xrc-c228"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-775h-3xrc-c228","reference_id":"GHSA-775h-3xrc-c228","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:53:44Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-775h-3xrc-c228"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74681?format=json","purl":"pkg:npm/parse-server@8.6.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.23"},{"url":"http://public2.vulnerablecode.io/api/packages/74680?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.10"}],"aliases":["CVE-2026-30972","GHSA-775h-3xrc-c228"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xk3-yn6w-nfd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90956?format=json","vulnerability_id":"VCID-82fj-6jd2-hqc1","summary":"LiveQuery protected field leak via shared mutable state across concurrent subscribers\n### Impact\n\nWhen multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects. The sensitive data filter modifies these shared objects in-place, so when one subscriber's filter removes a protected field, subsequent subscribers may receive the already-filtered object. This can cause protected fields and authentication data to leak to clients that should not see them, or cause clients that should see the data to receive an incomplete object.\n\nAdditionally, when an afterEvent Cloud Code trigger is registered, one subscriber's trigger modifications can leak to other subscribers through the same shared mutable state.\n\nAny Parse Server deployment using LiveQuery with protected fields or afterEvent triggers is affected when multiple clients subscribe to the same class.\n\n### Patches\n\nThe fix deep-clones the shared objects at the start of each subscriber's processing callback, ensuring each subscriber works on an independent copy. Additionally, a bug was fixed where master key LiveQuery clients could not receive events on classes with protected fields due to an incorrect type passed to the sensitive data filter.\n\n### Workarounds\n\nThere is no known workaround.\n\n### Resources\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-m983-v2ff-wq65\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/pull/10330\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/pull/10331","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34363","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0681","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06847","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06813","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06815","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06809","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34363"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5834e29234593addaa0251a85f572ad4f376320b","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:22Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5834e29234593addaa0251a85f572ad4f376320b"},{"reference_url":"https://github.com/parse-community/parse-server/commit/776c71c3078e77d38c94937f463741793609d055","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:22Z/"}],"url":"https://github.com/parse-community/parse-server/commit/776c71c3078e77d38c94937f463741793609d055"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10330","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:22Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10330"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10331","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:22Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10331"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-m983-v2ff-wq65","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:22Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-m983-v2ff-wq65"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34363","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34363"},{"reference_url":"https://github.com/advisories/GHSA-m983-v2ff-wq65","reference_id":"GHSA-m983-v2ff-wq65","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m983-v2ff-wq65"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112926?format=json","purl":"pkg:npm/parse-server@8.6.65","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.65"},{"url":"http://public2.vulnerablecode.io/api/packages/112925?format=json","purl":"pkg:npm/parse-server@9.7.0-alpha.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.0-alpha.9"}],"aliases":["CVE-2026-34363","GHSA-m983-v2ff-wq65"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82fj-6jd2-hqc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50731?format=json","vulnerability_id":"VCID-8d4r-sv2m-hqhe","summary":"Parse Server's Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction\nParse Server's `readOnlyMasterKey` option allows access with master-level read privileges but is documented to deny all write operations. However, some endpoints incorrectly accept the `readOnlyMasterKey` for mutating operations. This allows a caller who only holds the `readOnlyMasterKey` to create, modify, and delete Cloud Hooks and to start Cloud Jobs, which can be used for data exfiltration.\n\nAny Parse Server deployment that uses the `readOnlyMasterKey` option is affected. Note than an attacker needs to know the `readOnlyMasterKey` to exploit this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29182","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06834","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06887","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06883","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0684","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06871","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29182"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.4","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T20:29:41Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.4"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.4.1-alpha.3","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T20:29:41Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.4.1-alpha.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29182","reference_id":"CVE-2026-29182","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29182"},{"reference_url":"https://github.com/advisories/GHSA-vc89-5g3r-cmhh","reference_id":"GHSA-vc89-5g3r-cmhh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vc89-5g3r-cmhh"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vc89-5g3r-cmhh","reference_id":"GHSA-vc89-5g3r-cmhh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T20:29:41Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vc89-5g3r-cmhh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74516?format=json","purl":"pkg:npm/parse-server@8.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74515?format=json","purl":"pkg:npm/parse-server@9.4.1-alpha.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fdvb-gy4j-6qcn"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.4.1-alpha.3"}],"aliases":["CVE-2026-29182","GHSA-vc89-5g3r-cmhh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d4r-sv2m-hqhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50853?format=json","vulnerability_id":"VCID-8gsh-j1b9-3bew","summary":"Parse Server has a bypass of class-level permissions in LiveQuery\nClass-level permissions (CLP) are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled class and receive real-time events for all objects, regardless of CLP restrictions.\n\nAll Parse Server deployments that use LiveQuery with class-level permissions are affected. Data intended to be restricted by CLP is leaked to unauthorized subscribers in real time.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30947","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05287","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05247","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05293","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05309","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30947"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.16","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:42:12Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.16"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.3","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:42:12Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30947","reference_id":"CVE-2026-30947","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30947"},{"reference_url":"https://github.com/advisories/GHSA-7ch5-98q2-7289","reference_id":"GHSA-7ch5-98q2-7289","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7ch5-98q2-7289"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7ch5-98q2-7289","reference_id":"GHSA-7ch5-98q2-7289","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:42:12Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7ch5-98q2-7289"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74773?format=json","purl":"pkg:npm/parse-server@8.6.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.16"},{"url":"http://public2.vulnerablecode.io/api/packages/74772?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.3"}],"aliases":["CVE-2026-30947","GHSA-7ch5-98q2-7289"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gsh-j1b9-3bew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50841?format=json","vulnerability_id":"VCID-8xmh-99mq-ybbf","summary":"Parse Server OAuth2 authentication adapter account takeover via identity spoofing\nThe OAuth2 authentication adapter, when configured without the `useridField` option, only verifies that a token is active via the provider's token introspection endpoint, but does not verify that the token belongs to the user identified by `authData.id`. An attacker with any valid OAuth2 token from the same provider can authenticate as any other user.\n\nThis affects any Parse Server deployment that uses the generic OAuth2 authentication adapter (configured with `oauth2: true`) without setting the `useridField` option.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30967","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31593","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31664","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31698","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31617","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31626","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30967"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.22","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:24:03Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.22"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.9","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:24:03Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30967","reference_id":"CVE-2026-30967","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30967"},{"reference_url":"https://github.com/advisories/GHSA-fr88-w35c-r596","reference_id":"GHSA-fr88-w35c-r596","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fr88-w35c-r596"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-fr88-w35c-r596","reference_id":"GHSA-fr88-w35c-r596","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:24:03Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-fr88-w35c-r596"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74720?format=json","purl":"pkg:npm/parse-server@8.6.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.22"},{"url":"http://public2.vulnerablecode.io/api/packages/74719?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.9"}],"aliases":["CVE-2026-30967","GHSA-fr88-w35c-r596"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xmh-99mq-ybbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50803?format=json","vulnerability_id":"VCID-8zde-nj53-ebhu","summary":"Parse Server: SQL injection via dot-notation field name in PostgreSQL\nAn attacker can use a dot-notation field name in combination with the `sort` query parameter to inject SQL into the PostgreSQL database through an improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with the `distinct` and `where` query parameters.\n\nThis vulnerability only affects deployments using a PostgreSQL database.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31840","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22069","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22173","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22186","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22083","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22124","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31840"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.28","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T17:37:24Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.28"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.2","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T17:37:24Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31840","reference_id":"CVE-2026-31840","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31840"},{"reference_url":"https://github.com/advisories/GHSA-qpr4-jrj4-6f27","reference_id":"GHSA-qpr4-jrj4-6f27","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpr4-jrj4-6f27"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-qpr4-jrj4-6f27","reference_id":"GHSA-qpr4-jrj4-6f27","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T17:37:24Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-qpr4-jrj4-6f27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74624?format=json","purl":"pkg:npm/parse-server@8.6.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.28"},{"url":"http://public2.vulnerablecode.io/api/packages/74623?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.2"}],"aliases":["CVE-2026-31840","GHSA-qpr4-jrj4-6f27"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zde-nj53-ebhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50820?format=json","vulnerability_id":"VCID-9fqm-a5xk-j7d5","summary":"Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object placement\nThe `requestKeywordDenylist` security control can be bypassed by placing any nested object or array before a prohibited keyword in the request payload. This is caused by a logic bug that stops scanning sibling keys after encountering the first nested value. Any custom `requestKeywordDenylist` entries configured by the developer are equally by-passable using the same technique.\n\nAll Parse Server deployments are affected. The `requestKeywordDenylist` is enabled by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30938","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20885","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20995","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21009","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20888","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2095","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30938"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.12","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:56:19Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.12"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.1","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:56:19Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30938","reference_id":"CVE-2026-30938","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30938"},{"reference_url":"https://github.com/advisories/GHSA-q342-9w2p-57fp","reference_id":"GHSA-q342-9w2p-57fp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q342-9w2p-57fp"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-q342-9w2p-57fp","reference_id":"GHSA-q342-9w2p-57fp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:56:19Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-q342-9w2p-57fp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74663?format=json","purl":"pkg:npm/parse-server@8.6.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.12"},{"url":"http://public2.vulnerablecode.io/api/packages/74664?format=json","purl":"pkg:npm/parse-server@9.5.1-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.1-alpha.1"}],"aliases":["CVE-2026-30938","GHSA-q342-9w2p-57fp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fqm-a5xk-j7d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50923?format=json","vulnerability_id":"VCID-9kyv-xmvr-nfgf","summary":"Parse Server's OAuth2 adapter shares mutable state across providers via singleton instance\nParse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute using another provider's configuration, potentially allowing a token that should be rejected by one provider to be accepted because it is validated against a different provider's policy.\n\nDeployments that configure multiple OAuth2 providers via the `oauth2: true` flag are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32242","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20582","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20522","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20513","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20637","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20625","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32242"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.37","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:20:03Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.37"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.11","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:20:03Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.11"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32242","reference_id":"CVE-2026-32242","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32242"},{"reference_url":"https://github.com/advisories/GHSA-2cjm-2gwv-m892","reference_id":"GHSA-2cjm-2gwv-m892","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2cjm-2gwv-m892"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2cjm-2gwv-m892","reference_id":"GHSA-2cjm-2gwv-m892","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:20:03Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2cjm-2gwv-m892"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74885?format=json","purl":"pkg:npm/parse-server@8.6.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.37"},{"url":"http://public2.vulnerablecode.io/api/packages/74884?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.11"}],"aliases":["CVE-2026-32242","GHSA-2cjm-2gwv-m892"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kyv-xmvr-nfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110121?format=json","vulnerability_id":"VCID-9zya-mcv5-s7g8","summary":"Remote code execution via MongoDB BSON parser through prototype pollution\n### Impact\n\nAn attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. \n\n### Patches\n\nPrevent prototype pollution in MongoDB database adapter.\n\n### Workarounds\n\nDisable remote code execution through the MongoDB BSON parser.\n\n### Collaborators\n\nMikhail Shcherbakov (KTH), Cristian-Alexandru Staicu (CISPA) and Musard Balliu (KTH) working with Trend Micro Zero Day Initiative\n\n### References\n\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39396","reference_id":"","reference_type":"","scores":[{"value":"0.10994","scoring_system":"epss","scoring_elements":"0.93564","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10994","scoring_system":"epss","scoring_elements":"0.93579","published_at":"2026-06-09T12:55:00Z"},{"value":"0.10994","scoring_system":"epss","scoring_elements":"0.93572","published_at":"2026-06-08T12:55:00Z"},{"value":"0.10994","scoring_system":"epss","scoring_elements":"0.93574","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39396"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8295","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8295"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8296","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8296"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.18","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.18"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.3.1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.3.1"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:14Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39396","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39396"},{"reference_url":"https://github.com/advisories/GHSA-prm5-8g2m-24gg","reference_id":"GHSA-prm5-8g2m-24gg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prm5-8g2m-24gg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148552?format=json","purl":"pkg:npm/parse-server@4.10.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.18"},{"url":"http://public2.vulnerablecode.io/api/packages/148553?format=json","purl":"pkg:npm/parse-server@5.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.3.1"}],"aliases":["CVE-2022-39396","GHSA-prm5-8g2m-24gg","GMS-2022-6498"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zya-mcv5-s7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91211?format=json","vulnerability_id":"VCID-agc3-jfsf-kbhh","summary":"Parse Server has an auth provider validation bypass on login via partial authData\n### Impact\n\nAn authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials. The attacker only needs to know the user's provider ID to gain full access to their account, including a valid session token.\n\nThis affects Parse Server deployments where the server option `allowExpiredAuthDataToken` is set to `true`. The default value is `false`.\n\n### Patches\n\nAuth providers are now always validated on login, regardless of the `allowExpiredAuthDataToken` setting. The option `allowExpiredAuthDataToken` has been deprecated and will be removed in a future major version.\n\n### Workarounds\n\nSet `allowExpiredAuthDataToken` to `false` (the default) or remove the option from the server configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33409","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08474","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0844","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08494","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08515","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33409"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/8d7df5639c4a35768fe8b78b4580b30e8a74721c","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T13:39:16Z/"}],"url":"https://github.com/parse-community/parse-server/commit/8d7df5639c4a35768fe8b78b4580b30e8a74721c"},{"reference_url":"https://github.com/parse-community/parse-server/commit/98f4ba5bcf2c199bfe6225f672e8edcd08ba732d","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T13:39:16Z/"}],"url":"https://github.com/parse-community/parse-server/commit/98f4ba5bcf2c199bfe6225f672e8edcd08ba732d"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10246","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T13:39:16Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10246"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10247","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T13:39:16Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10247"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-pfj7-wv7c-22pr","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T13:39:16Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-pfj7-wv7c-22pr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33409","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33409"},{"reference_url":"https://github.com/advisories/GHSA-pfj7-wv7c-22pr","reference_id":"GHSA-pfj7-wv7c-22pr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pfj7-wv7c-22pr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113245?format=json","purl":"pkg:npm/parse-server@8.6.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.52"},{"url":"http://public2.vulnerablecode.io/api/packages/74558?format=json","purl":"pkg:npm/parse-server@9.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-shyz-tw66-b3gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/113244?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.41"}],"aliases":["CVE-2026-33409","GHSA-pfj7-wv7c-22pr"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agc3-jfsf-kbhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50845?format=json","vulnerability_id":"VCID-au5b-pexg-tubt","summary":"Parse Server has role escalation and CLP bypass via direct `_Join` table write\nParse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any client using only the application key. No master key is required.\n\nAn attacker can create, read, update, or delete records in any internal relationship table. Exploiting this allows the attacker to inject themselves into any Parse Role, gaining all permissions associated with that role, including full read, write, and delete access to classes protected by role-based Class-Level Permissions (CLP). Similarly, writing to any such table that backs a Relation field used in a `pointerFields` CLP bypasses that access control.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30966","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20111","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20062","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20045","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20151","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20158","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30966"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.20","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T14:31:08Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.20"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.7","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T14:31:08Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30966","reference_id":"CVE-2026-30966","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30966"},{"reference_url":"https://github.com/advisories/GHSA-5f92-jrq3-28rc","reference_id":"GHSA-5f92-jrq3-28rc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f92-jrq3-28rc"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5f92-jrq3-28rc","reference_id":"GHSA-5f92-jrq3-28rc","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T14:31:08Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5f92-jrq3-28rc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74730?format=json","purl":"pkg:npm/parse-server@8.6.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.20"},{"url":"http://public2.vulnerablecode.io/api/packages/74729?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.7"}],"aliases":["CVE-2026-30966","GHSA-5f92-jrq3-28rc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-au5b-pexg-tubt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47175?format=json","vulnerability_id":"VCID-avfq-2nfn-fkdw","summary":"ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection\n### Impact\n\nThis vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database.\n\n### Patches\n\nThe algorithm to detect SQL injection has been improved.\n\n### Workarounds\n\nNone.\n\n### References\n\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2\n- https://github.com/parse-community/parse-server/releases/tag/6.5.0 (fixed in Parse Server 6)\n- https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (fixed in Parse Server 7 alpha release)\n\n### Credits\n\n- Mikhail Shcherbakov (https://twitter.com/yu5k3) working with Trend Micro Zero Day Initiative (finder)\n- Ehsan Persania (remediation developer)\n- Manuel Trezza (coordinator)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27298","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54819","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5482","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54799","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54825","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54815","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27298"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504"},{"reference_url":"https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.5.0","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.5.0"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27298","reference_id":"CVE-2024-27298","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27298"},{"reference_url":"https://github.com/advisories/GHSA-6927-3vr9-fxf2","reference_id":"GHSA-6927-3vr9-fxf2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6927-3vr9-fxf2"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2","reference_id":"GHSA-6927-3vr9-fxf2","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69221?format=json","purl":"pkg:npm/parse-server@6.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/69222?format=json","purl":"pkg:npm/parse-server@7.0.0-alpha.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.0.0-alpha.20"}],"aliases":["CVE-2024-27298","GHSA-6927-3vr9-fxf2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avfq-2nfn-fkdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49454?format=json","vulnerability_id":"VCID-b3ks-95ke-m7dz","summary":"Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter\nThe Instagram authentication adapter allows clients to specify a custom API URL via the `apiURL` parameter in `authData`. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68150","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24621","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24573","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24564","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24678","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24688","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68150"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9988","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T14:50:51Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9988"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9989","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T14:50:51Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9989"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68150","reference_id":"CVE-2025-68150","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68150"},{"reference_url":"https://github.com/advisories/GHSA-3f5f-xgrj-97pf","reference_id":"GHSA-3f5f-xgrj-97pf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f5f-xgrj-97pf"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-3f5f-xgrj-97pf","reference_id":"GHSA-3f5f-xgrj-97pf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T14:50:51Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-3f5f-xgrj-97pf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73013?format=json","purl":"pkg:npm/parse-server@8.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/74558?format=json","purl":"pkg:npm/parse-server@9.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-shyz-tw66-b3gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/73012?format=json","purl":"pkg:npm/parse-server@9.1.1-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.1.1-alpha.1"}],"aliases":["CVE-2025-68150","GHSA-3f5f-xgrj-97pf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3ks-95ke-m7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53925?format=json","vulnerability_id":"VCID-b4yy-2spz-mfdc","summary":"Cleartext Storage of Sensitive Information\nParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server, user passwords involved in LDAP authentication are stored in cleartext. This is fixed by stripping the password after authentication to prevent cleartext password storage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26288","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36987","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37014","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37053","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37085","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37078","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26288"},{"reference_url":"https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.5.0","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.5.0"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3"},{"reference_url":"https://www.npmjs.com/advisories/1593","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1593"},{"reference_url":"https://www.npmjs.com/package/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26288","reference_id":"CVE-2020-26288","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26288"},{"reference_url":"https://github.com/advisories/GHSA-4w46-w44m-3jq3","reference_id":"GHSA-4w46-w44m-3jq3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4w46-w44m-3jq3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79428?format=json","purl":"pkg:npm/parse-server@4.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-e17g-g7qf-87fm"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gje7-sy9t-pbcz"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-vqqp-ywsb-bbhv"},{"vulnerability":"VCID-vvhm-y6vy-eydm"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.5.0"}],"aliases":["CVE-2020-26288","GHSA-4w46-w44m-3jq3"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4yy-2spz-mfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55456?format=json","vulnerability_id":"VCID-bgdt-2pkg-rbaj","summary":"ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability\nThis vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39309","reference_id":"","reference_type":"","scores":[{"value":"0.03791","scoring_system":"epss","scoring_elements":"0.8832","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03791","scoring_system":"epss","scoring_elements":"0.88305","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03791","scoring_system":"epss","scoring_elements":"0.88304","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03791","scoring_system":"epss","scoring_elements":"0.88302","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39309"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T17:29:00Z/"}],"url":"https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3"},{"reference_url":"https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T17:29:00Z/"}],"url":"https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9167","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T17:29:00Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9167"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9168","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T17:29:00Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9168"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39309","reference_id":"CVE-2024-39309","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39309"},{"reference_url":"https://github.com/advisories/GHSA-c2hr-cqg6-8j6r","reference_id":"GHSA-c2hr-cqg6-8j6r","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2hr-cqg6-8j6r"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r","reference_id":"GHSA-c2hr-cqg6-8j6r","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-02T17:29:00Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81997?format=json","purl":"pkg:npm/parse-server@6.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/81998?format=json","purl":"pkg:npm/parse-server@7.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.1.0"}],"aliases":["CVE-2024-39309","GHSA-c2hr-cqg6-8j6r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgdt-2pkg-rbaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91292?format=json","vulnerability_id":"VCID-c1nt-b6by-m7hu","summary":"Parse Server exposes auth data via /users/me endpoint\n### Impact\n\nAn authenticated user calling `GET /users/me` receives unsanitized auth data, including sensitive credentials such as MFA TOTP secrets and recovery codes. The endpoint internally uses master-level authentication for the session query, and the master context leaks through to the user data, bypassing auth adapter sanitization. An attacker who obtains a user's session token can extract MFA secrets to generate valid TOTP codes indefinitely.\n\n### Patches\n\nThe `/users/me` endpoint now queries the session and user data separately, using the caller's authentication context for the user query so that all security layers apply correctly.\n\n### Workarounds\n\nThere is no known workaround.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33627","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12048","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11943","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11932","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12006","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12044","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33627"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5b8998e6866bcf75be7b5bb625e27d23bfaf912c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:38:24Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5b8998e6866bcf75be7b5bb625e27d23bfaf912c"},{"reference_url":"https://github.com/parse-community/parse-server/commit/875cf10ac979bd60f70e7a0c534e2bc194d6982f","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:38:24Z/"}],"url":"https://github.com/parse-community/parse-server/commit/875cf10ac979bd60f70e7a0c534e2bc194d6982f"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10278","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:38:24Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10278"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10279","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:38:24Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10279"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-37mj-c2wf-cx96","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:38:24Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-37mj-c2wf-cx96"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33627","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33627"},{"reference_url":"https://github.com/advisories/GHSA-37mj-c2wf-cx96","reference_id":"GHSA-37mj-c2wf-cx96","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-37mj-c2wf-cx96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113378?format=json","purl":"pkg:npm/parse-server@8.6.61","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.61"},{"url":"http://public2.vulnerablecode.io/api/packages/113375?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.55","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.55"}],"aliases":["CVE-2026-33627","GHSA-37mj-c2wf-cx96"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1nt-b6by-m7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50865?format=json","vulnerability_id":"VCID-caaw-qhvr-nqaz","summary":"Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload\nA stored cross-site scripting (XSS) vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with `Content-Type: image/svg+xml` and without protective headers, causing the browser to execute embedded scripts in the Parse Server origin. This can be exploited to steal session tokens from `localStorage` and achieve account takeover.\n\nThe default `fileExtensions` option blocks HTML file extensions but does not block SVG, which is a well-known XSS vector. All Parse Server deployments where file upload is enabled for authenticated users (the default) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30948","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06064","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06042","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06017","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0608","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30948"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.17","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T20:41:33Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.17"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.4","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T20:41:33Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30948","reference_id":"CVE-2026-30948","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30948"},{"reference_url":"https://github.com/advisories/GHSA-hcj7-6gxh-24ww","reference_id":"GHSA-hcj7-6gxh-24ww","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcj7-6gxh-24ww"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-hcj7-6gxh-24ww","reference_id":"GHSA-hcj7-6gxh-24ww","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T20:41:33Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-hcj7-6gxh-24ww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74804?format=json","purl":"pkg:npm/parse-server@8.6.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.17"},{"url":"http://public2.vulnerablecode.io/api/packages/74803?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.4"}],"aliases":["CVE-2026-30948","GHSA-hcj7-6gxh-24ww"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-caaw-qhvr-nqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91263?format=json","vulnerability_id":"VCID-crd1-u2dd-6yh2","summary":"Parse Server: Denial of Service via unindexed database query for unconfigured auth providers\n### Impact\n\nAn unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured providers, each request triggers a full collection scan on the user database. This can be parallelized to saturate database resources.\n\n### Patches\n\nThe fix validates that an authentication provider is configured before executing any database query. Requests with unconfigured providers are now rejected immediately without querying the database.\n\n### Workarounds\n\nThere is no known workaround other than upgrading.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33538","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34097","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34131","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34163","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34117","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34147","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33538"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/40eb442e02672986730007d0a1edb22c1c4bd357","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:37:14Z/"}],"url":"https://github.com/parse-community/parse-server/commit/40eb442e02672986730007d0a1edb22c1c4bd357"},{"reference_url":"https://github.com/parse-community/parse-server/commit/fbac847499e57f243315c5fc7135be1d58bb8e54","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:37:14Z/"}],"url":"https://github.com/parse-community/parse-server/commit/fbac847499e57f243315c5fc7135be1d58bb8e54"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10270","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:37:14Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10270"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10271","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:37:14Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10271"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-g4cf-xj29-wqqr","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:37:14Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-g4cf-xj29-wqqr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33538","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33538"},{"reference_url":"https://github.com/advisories/GHSA-g4cf-xj29-wqqr","reference_id":"GHSA-g4cf-xj29-wqqr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4cf-xj29-wqqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113343?format=json","purl":"pkg:npm/parse-server@8.6.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.58"},{"url":"http://public2.vulnerablecode.io/api/packages/113342?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.52"}],"aliases":["CVE-2026-33538","GHSA-g4cf-xj29-wqqr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crd1-u2dd-6yh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91861?format=json","vulnerability_id":"VCID-cuaf-2g3g-tuap","summary":"Parse Server's LiveQuery bypasses CLP pointer permission enforcement\n### Impact\n\nParse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions (`readUserFields` and `pointerFields`). Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions, regardless of whether the pointer fields on those objects point to the subscribing user. This bypasses the intended read access control, allowing unauthorized access to potentially sensitive data that is correctly restricted via the REST API.\n\n### Patches\n\nThe LiveQuery server now enforces pointer permissions on each event. After the existing check passes (which defers pointer permissions by design), the fix checks whether any configured pointer field on the object points to the subscribing user. Events for objects that don't match are silently skipped, consistent with how ACL mismatches are handled.\n\n### Workarounds\n\nUse ACLs on individual objects to restrict read access instead of relying solely on CLP pointer permissions. ACLs are enforced by LiveQuery.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33421","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01793","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01784","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01794","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01777","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33421"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/6c3317aca6eb618ac48f999021ae3ef7766ad1ea","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:18:10Z/"}],"url":"https://github.com/parse-community/parse-server/commit/6c3317aca6eb618ac48f999021ae3ef7766ad1ea"},{"reference_url":"https://github.com/parse-community/parse-server/commit/976dad109f3fe3fbd0a3a35ef62e7a5d35eb0bee","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:18:10Z/"}],"url":"https://github.com/parse-community/parse-server/commit/976dad109f3fe3fbd0a3a35ef62e7a5d35eb0bee"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10250","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:18:10Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10250"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10252","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:18:10Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10252"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-fph2-r4qg-9576","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:18:10Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-fph2-r4qg-9576"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33421","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33421"},{"reference_url":"https://github.com/advisories/GHSA-fph2-r4qg-9576","reference_id":"GHSA-fph2-r4qg-9576","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fph2-r4qg-9576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114354?format=json","purl":"pkg:npm/parse-server@8.6.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.53"},{"url":"http://public2.vulnerablecode.io/api/packages/74558?format=json","purl":"pkg:npm/parse-server@9.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-shyz-tw66-b3gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114353?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.42","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.42"}],"aliases":["CVE-2026-33421","GHSA-fph2-r4qg-9576"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuaf-2g3g-tuap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91082?format=json","vulnerability_id":"VCID-cuct-x9ub-1bd9","summary":"Parse Server has SQL Injection through aggregate and distinct field names in PostgreSQL adapter\n### Impact\n\nAn attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters into field name parameters of the aggregate `$group` pipeline stage or the `distinct` operation. This allows privilege escalation from Parse Server application-level administrator to PostgreSQL database-level access.\n\nOnly Parse Server deployments using PostgreSQL are affected. MongoDB deployments are not affected.\n\n### Patches\n\nField names in the aggregate `$group._id` object values and `distinct` dot-notation parameters are now validated to only contain alphanumeric characters and underscores, preventing SQL injection via the `:raw` interpolation used in the PostgreSQL storage adapter.\n\n### Workarounds\n\nNo workaround. Upgrade to a patched version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33539","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07123","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07092","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07071","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07116","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07129","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33539"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/03249f9bf5b8783c8b848f84dab791ff0b761b8c","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:33:11Z/"}],"url":"https://github.com/parse-community/parse-server/commit/03249f9bf5b8783c8b848f84dab791ff0b761b8c"},{"reference_url":"https://github.com/parse-community/parse-server/commit/bdddab5f8b61a40cb8fc62dd895887bdd2f3838e","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:33:11Z/"}],"url":"https://github.com/parse-community/parse-server/commit/bdddab5f8b61a40cb8fc62dd895887bdd2f3838e"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10272","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:33:11Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10272"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10273","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:33:11Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10273"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-p2w6-rmh7-w8q3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:33:11Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-p2w6-rmh7-w8q3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33539","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33539"},{"reference_url":"https://github.com/advisories/GHSA-p2w6-rmh7-w8q3","reference_id":"GHSA-p2w6-rmh7-w8q3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p2w6-rmh7-w8q3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113104?format=json","purl":"pkg:npm/parse-server@8.6.59","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.59"},{"url":"http://public2.vulnerablecode.io/api/packages/113103?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.53"}],"aliases":["CVE-2026-33539","GHSA-p2w6-rmh7-w8q3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuct-x9ub-1bd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45511?format=json","vulnerability_id":"VCID-d13k-gc2w-7yc1","summary":"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36475","reference_id":"","reference_type":"","scores":[{"value":"0.09829","scoring_system":"epss","scoring_elements":"0.93122","published_at":"2026-06-08T12:55:00Z"},{"value":"0.09829","scoring_system":"epss","scoring_elements":"0.93125","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09829","scoring_system":"epss","scoring_elements":"0.93127","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09829","scoring_system":"epss","scoring_elements":"0.93132","published_at":"2026-06-09T12:55:00Z"},{"value":"0.09829","scoring_system":"epss","scoring_elements":"0.93129","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36475"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8674","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8674"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8675","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8675"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.5.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.5.2"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.2.1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.2.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36475","reference_id":"CVE-2023-36475","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36475"},{"reference_url":"https://github.com/advisories/GHSA-462x-c3jw-7vr6","reference_id":"GHSA-462x-c3jw-7vr6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-462x-c3jw-7vr6"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6","reference_id":"GHSA-462x-c3jw-7vr6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65795?format=json","purl":"pkg:npm/parse-server@5.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/660261?format=json","purl":"pkg:npm/parse-server@6.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/65796?format=json","purl":"pkg:npm/parse-server@6.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/660266?format=json","purl":"pkg:npm/parse-server@6.3.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.3.0-alpha.1"}],"aliases":["CVE-2023-36475","GHSA-462x-c3jw-7vr6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d13k-gc2w-7yc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90016?format=json","vulnerability_id":"VCID-davb-xyy3-2qf1","summary":"Parse Server: File upload Content-Type override via extension mismatch\n### Impact\n\nA file can be uploaded with a filename extension that passes the file extension allowlist (e.g., `.txt`) but with a `Content-Type` header that differs from the extension (e.g., `text/html`). The `Content-Type` is passed to the storage adapter without consistency validation. Storage adapters that store and serve the provided Content-Type (such as S3 or GCS) serve the file with the mismatched Content-Type. The default GridFS adapter is not affected because it derives Content-Type from the filename at serving time.\n\n### Patches\n\nThe file upload now derives the Content-Type from the filename extension, overriding any user-provided Content-Type when the file has an extension.\n\n### Workarounds\n\nConfigure the storage adapter or CDN to derive Content-Type from the filename extension instead of using the stored Content-Type.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35200","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09937","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09886","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09853","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09965","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0995","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35200"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10383","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:02:43Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10383"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10384","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:02:43Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10384"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vr5f-2r24-w5hc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:02:43Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vr5f-2r24-w5hc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35200","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35200"},{"reference_url":"https://github.com/advisories/GHSA-vr5f-2r24-w5hc","reference_id":"GHSA-vr5f-2r24-w5hc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vr5f-2r24-w5hc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111281?format=json","purl":"pkg:npm/parse-server@8.6.73","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.73"},{"url":"http://public2.vulnerablecode.io/api/packages/111280?format=json","purl":"pkg:npm/parse-server@9.7.1-alpha.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.1-alpha.4"}],"aliases":["CVE-2026-35200","GHSA-vr5f-2r24-w5hc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-davb-xyy3-2qf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50837?format=json","vulnerability_id":"VCID-dazy-p9qb-7qgk","summary":"Parse Server missing audience validation in Keycloak authentication adapter\nThe Keycloak authentication adapter does not validate the `azp` (authorized party) claim of Keycloak access tokens against the configured `client-id`. A valid access token issued by the same Keycloak realm for a *different* client application can be used to authenticate as any user on the Parse Server that uses the Keycloak adapter. This enables cross-application account takeover in multi-client Keycloak realms.\n\nAll Parse Server deployments that use the Keycloak authentication adapter with a Keycloak realm that has multiple client applications are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30949","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14668","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14609","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14585","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1471","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14704","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30949"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.18","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T20:40:36Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.18"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.5","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T20:40:36Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30949","reference_id":"CVE-2026-30949","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30949"},{"reference_url":"https://github.com/advisories/GHSA-48mh-j4p5-7j9v","reference_id":"GHSA-48mh-j4p5-7j9v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48mh-j4p5-7j9v"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-48mh-j4p5-7j9v","reference_id":"GHSA-48mh-j4p5-7j9v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T20:40:36Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-48mh-j4p5-7j9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74713?format=json","purl":"pkg:npm/parse-server@8.6.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.18"},{"url":"http://public2.vulnerablecode.io/api/packages/74712?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.5"}],"aliases":["CVE-2026-30949","GHSA-48mh-j4p5-7j9v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dazy-p9qb-7qgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91830?format=json","vulnerability_id":"VCID-eh2m-7t9f-tqdm","summary":"Parse Server leaks protected fields via LiveQuery afterEvent trigger\n### Impact\n\nWhen a `Parse.Cloud.afterLiveQueryEvent` trigger is registered for a class, the LiveQuery server leaks protected fields and `authData` to all subscribers of that class. Fields configured as protected via Class-Level Permissions (`protectedFields`) are included in LiveQuery event payloads for all event types (create, update, delete, enter, leave).\n\nAny user with sufficient CLP permissions to subscribe to the affected class can receive protected field data of other users, including sensitive personal information and OAuth tokens from third-party authentication providers.\n\n### Patches\n\nThe vulnerability was caused by a reference detachment bug. When an `afterEvent` trigger is registered, the LiveQuery server converts the event object to a `Parse.Object` for the trigger, then creates a new JSON copy via `toJSONwithObjects()`. The sensitive data filter was applied to the `Parse.Object` reference, but the unfiltered JSON copy was sent to clients. The fix ensures that the JSON copy is assigned back to the response object before filtering, so the filter operates on the actual data sent to clients.\n\n### Workarounds\n\nRemove all `Parse.Cloud.afterLiveQueryEvent` trigger registrations. Without an `afterEvent` trigger, the reference detachment does not occur and protected fields are correctly filtered.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33163","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11488","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11569","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11603","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11497","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11607","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33163"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10232","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:00:23Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10232"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10233","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:00:23Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10233"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5hmj-jcgp-6hff","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:00:23Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5hmj-jcgp-6hff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33163","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33163"},{"reference_url":"https://github.com/advisories/GHSA-5hmj-jcgp-6hff","reference_id":"GHSA-5hmj-jcgp-6hff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hmj-jcgp-6hff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114264?format=json","purl":"pkg:npm/parse-server@8.6.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.50"},{"url":"http://public2.vulnerablecode.io/api/packages/114262?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.35"}],"aliases":["CVE-2026-33163","GHSA-5hmj-jcgp-6hff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eh2m-7t9f-tqdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53727?format=json","vulnerability_id":"VCID-et7n-g719-z3cc","summary":"Operation on a Resource after Expiration or Release\nThe Parse Server npm package broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. However, it is not possible to create subscription objects with invalid session tokens.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15270","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48864","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48829","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4889","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48898","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4888","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4885","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15270"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15270","reference_id":"CVE-2020-15270","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15270"},{"reference_url":"https://github.com/advisories/GHSA-2xm2-xj2q-qgpj","reference_id":"GHSA-2xm2-xj2q-qgpj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xm2-xj2q-qgpj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/138946?format=json","purl":"pkg:npm/parse-server@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-b4yy-2spz-mfdc"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-e17g-g7qf-87fm"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gje7-sy9t-pbcz"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-vqqp-ywsb-bbhv"},{"vulnerability":"VCID-vvhm-y6vy-eydm"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.4.0"}],"aliases":["CVE-2020-15270","GHSA-2xm2-xj2q-qgpj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-et7n-g719-z3cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91182?format=json","vulnerability_id":"VCID-f6mm-th5w-fug4","summary":"parse-server has cloud function validator bypass via prototype chain traversal\n### Impact\n\nAn attacker can bypass Cloud Function validator access controls by appending `.prototype.constructor` to the function name in the URL. When a Cloud Function handler is declared using the `function` keyword and its validator is a plain object or arrow function, the trigger store traversal resolves the handler through its own prototype chain while the validator store fails to mirror this traversal, causing all access control enforcement to be skipped.\n\nThis allows unauthenticated callers to invoke Cloud Functions that are meant to be protected by validators such as `requireUser`, `requireMaster`, or custom validation logic.\n\n### Patches\n\nThe trigger store traversal now verifies that each intermediate node is a legitimate store object before continuing traversal. If the traversal encounters a non-store value such as a function handler, it stops and returns an empty store, preventing prototype chain escape.\n\n### Workarounds\n\nUse arrow functions instead of the `function` keyword for Cloud Function handlers. Arrow functions do not have a `prototype` property and are not affected by this vulnerability.\n\n### Resources\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-vpj2-qq7w-5qq6\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/pull/10342\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/pull/10343","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34532","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12936","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12939","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13572","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13539","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13626","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34532"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/4fc48cf28f22eea200d74d883505f485234a48d7","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:21:00Z/"}],"url":"https://github.com/parse-community/parse-server/commit/4fc48cf28f22eea200d74d883505f485234a48d7"},{"reference_url":"https://github.com/parse-community/parse-server/commit/dc59e272665644083c5b7f6862d88ce1ef0b2674","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:21:00Z/"}],"url":"https://github.com/parse-community/parse-server/commit/dc59e272665644083c5b7f6862d88ce1ef0b2674"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10342","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:21:00Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10342"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10343","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:21:00Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10343"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vpj2-qq7w-5qq6","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:21:00Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vpj2-qq7w-5qq6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34532","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34532"},{"reference_url":"https://github.com/advisories/GHSA-vpj2-qq7w-5qq6","reference_id":"GHSA-vpj2-qq7w-5qq6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpj2-qq7w-5qq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113211?format=json","purl":"pkg:npm/parse-server@8.6.67","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.67"},{"url":"http://public2.vulnerablecode.io/api/packages/113209?format=json","purl":"pkg:npm/parse-server@9.7.0-alpha.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.0-alpha.11"}],"aliases":["CVE-2026-34532","GHSA-vpj2-qq7w-5qq6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6mm-th5w-fug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91285?format=json","vulnerability_id":"VCID-faws-rh1j-tba1","summary":"Parse Server's Cloud function dispatch crashes server via prototype chain traversal\n### Impact\n\nRemote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype chain of a registered cloud function handler, causing a stack overflow.\n\n### Patches\n\nThe fix restricts property lookups during cloud function name resolution to own properties only, preventing prototype chain traversal from stored function handlers.\n\n### Workarounds\n\nThere is no known workaround.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32886","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09562","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09532","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09502","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09582","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32886"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10210","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:18:19Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10210"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10211","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:18:19Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10211"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4263-jgmp-7pf4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:18:19Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4263-jgmp-7pf4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32886","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32886"},{"reference_url":"https://github.com/advisories/GHSA-4263-jgmp-7pf4","reference_id":"GHSA-4263-jgmp-7pf4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4263-jgmp-7pf4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113374?format=json","purl":"pkg:npm/parse-server@8.6.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.47"},{"url":"http://public2.vulnerablecode.io/api/packages/113373?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.24"}],"aliases":["CVE-2026-32886","GHSA-4263-jgmp-7pf4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-faws-rh1j-tba1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91025?format=json","vulnerability_id":"VCID-fnb8-edpu-e3e3","summary":"Parse Server LiveQuery subscription query depth bypass\n### Impact\n\nParse Server's LiveQuery component does not enforce the `requestComplexity.queryDepth` configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrades or disrupts service availability.\n\nDeployments are affected when the LiveQuery WebSocket endpoint is reachable by untrusted clients.\n\n### Patches\n\nThe fix adds query condition depth validation to the LiveQuery subscription handler, enforcing the same `requestComplexity.queryDepth` limit that already protects REST API queries.\n\n### Workarounds\n\nThere is no known workaround other than upgrading.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33508","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20511","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20391","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20459","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20399","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33508"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/060d27053fb0fadf613c25aabab7fe0c82b7a899","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:57:12Z/"}],"url":"https://github.com/parse-community/parse-server/commit/060d27053fb0fadf613c25aabab7fe0c82b7a899"},{"reference_url":"https://github.com/parse-community/parse-server/commit/2126fe4e12f9b399dc6b4b6a3fa70cb1825f159b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:57:12Z/"}],"url":"https://github.com/parse-community/parse-server/commit/2126fe4e12f9b399dc6b4b6a3fa70cb1825f159b"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10259","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:57:12Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10259"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10260","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:57:12Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10260"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6qh5-m6g3-xhq6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:57:12Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6qh5-m6g3-xhq6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33508","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33508"},{"reference_url":"https://github.com/advisories/GHSA-6qh5-m6g3-xhq6","reference_id":"GHSA-6qh5-m6g3-xhq6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qh5-m6g3-xhq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113031?format=json","purl":"pkg:npm/parse-server@8.6.56","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.56"},{"url":"http://public2.vulnerablecode.io/api/packages/74558?format=json","purl":"pkg:npm/parse-server@9.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-shyz-tw66-b3gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/113029?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.45"}],"aliases":["CVE-2026-33508","GHSA-6qh5-m6g3-xhq6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnb8-edpu-e3e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109013?format=json","vulnerability_id":"VCID-fuju-xn2f-73a6","summary":"parse-server auth adapter app ID validation can be circumvented\n### Impact\n\nValidation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented.\n\nThis fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for _Facebook_ or _Spotify_ and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `[\"abc\"]`). The vulnerability makes it possible to authenticate requests which are coming from a _Facebook_ or _Spotify_ app with a different app ID than the one specified in the `appIds` configuration.\n\nBoth adapters still validate the access token with the respective authentication provider. An app ID is automatically assigned by the authentication provider. For this vulnerability to be exploited, an attacker would have to be assigned an app ID by the authentication provider which is a sub-set of the server-side configured app ID.\n\nThe documentation did not explicitly specify that the parameter `appIds` must be set as an array of strings and setting a string also worked. Therefore, there is a possibility that there are deployments where `appIds` is set as a string, making them vulnerable.\n\n### Patches\n\nThe fix makes Parse Server check the type of the value set for `appIds` and throws an error if the value is not an array.\n\n### Workarounds\n\nNo known workarounds.\n\n### References\n\n- GitHub advisory [GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39231","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41377","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41407","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41396","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41427","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41457","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41452","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39231"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/8c8ec715739e0f851338cfed794409ebac66c51b","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/8c8ec715739e0f851338cfed794409ebac66c51b"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.16","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.16"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.2.7","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.2.7"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:12Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39231","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39231"},{"reference_url":"https://github.com/advisories/GHSA-r657-33vp-gp22","reference_id":"GHSA-r657-33vp-gp22","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r657-33vp-gp22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145478?format=json","purl":"pkg:npm/parse-server@4.10.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.16"},{"url":"http://public2.vulnerablecode.io/api/packages/145479?format=json","purl":"pkg:npm/parse-server@5.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.7"}],"aliases":["CVE-2022-39231","GHSA-r657-33vp-gp22","GMS-2022-4384"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuju-xn2f-73a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91404?format=json","vulnerability_id":"VCID-g9mj-kud1-d7a3","summary":"Parse Server LiveQuery subscription with invalid regular expression crashes server\n### Impact\n\nA remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients.\n\n### Patches\n\nThe fix validates regular expression patterns at subscription time, rejecting invalid patterns before they are stored. Additionally, a defense-in-depth try-catch prevents any subscription matching error from crashing the server process.\n\n### Workarounds\n\nDisable LiveQuery if it is not needed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32770","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13263","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13216","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13185","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13303","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13299","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32770"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10197","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:21:43Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10197"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10199","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:21:43Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10199"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-827p-g5x5-h86c","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:21:43Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-827p-g5x5-h86c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32770","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32770"},{"reference_url":"https://github.com/advisories/GHSA-827p-g5x5-h86c","reference_id":"GHSA-827p-g5x5-h86c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-827p-g5x5-h86c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113568?format=json","purl":"pkg:npm/parse-server@8.6.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.43"},{"url":"http://public2.vulnerablecode.io/api/packages/113567?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.19"}],"aliases":["CVE-2026-32770","GHSA-827p-g5x5-h86c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9mj-kud1-d7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41423?format=json","vulnerability_id":"VCID-gje7-sy9t-pbcz","summary":"Improper Handling of Exceptional Conditions\nParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39187","reference_id":"","reference_type":"","scores":[{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71539","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71545","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71495","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71528","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71506","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71521","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39187"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/308668c89474223e2448be92d6823b52c1c313ec","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/308668c89474223e2448be92d6823b52c1c313ec"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.3"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xqp8-w826-hh6x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xqp8-w826-hh6x"},{"reference_url":"https://jira.mongodb.org/browse/NODE-3463","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jira.mongodb.org/browse/NODE-3463"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39187","reference_id":"CVE-2021-39187","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39187"},{"reference_url":"https://github.com/advisories/GHSA-xqp8-w826-hh6x","reference_id":"GHSA-xqp8-w826-hh6x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xqp8-w826-hh6x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58915?format=json","purl":"pkg:npm/parse-server@4.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-vqqp-ywsb-bbhv"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.3"}],"aliases":["CVE-2021-39187","GHSA-xqp8-w826-hh6x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gje7-sy9t-pbcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46270?format=json","vulnerability_id":"VCID-gkng-gbtu-hkc1","summary":"Parse Server may crash when uploading file without extension\n### Impact\n\nParse Server crashes when uploading a file without extension.\n\n### Patches\n\nA permanent fix has been implemented to prevent the server from crashing.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579\n- Patched in Parse Server 6: https://github.com/parse-community/parse-server/releases/tag/6.3.1\n- Patched in Parse Server 5 (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.6","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46119","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68987","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69003","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69009","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69007","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46119"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe"},{"reference_url":"https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.5.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.5.6"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.3.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.3.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46119","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46119"},{"reference_url":"https://github.com/advisories/GHSA-792q-q67h-w579","reference_id":"GHSA-792q-q67h-w579","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-792q-q67h-w579"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579","reference_id":"GHSA-792q-q67h-w579","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67481?format=json","purl":"pkg:npm/parse-server@5.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/67482?format=json","purl":"pkg:npm/parse-server@6.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.3.1"}],"aliases":["CVE-2023-46119","GHSA-792q-q67h-w579"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkng-gbtu-hkc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91458?format=json","vulnerability_id":"VCID-gzbr-zm1b-nkfc","summary":"Parse Server has a query condition depth bypass via pre-validation transform pipeline\n### Impact\n\nAn attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. The server becomes completely unresponsive and must be manually restarted. This is a bypass of the fix for CVE-2026-32944.\n\n### Patches\n\nThe query condition nesting depth is now validated before the query enters the transformation pipeline, preventing deeply nested structures from being recursively processed before the existing depth guard can fire.\n\n### Workarounds\n\nNone.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33498","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06017","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06064","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06079","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06041","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33498"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/2581b5426047ce9cbcd3d9c0e8379e9c30e23ab5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T19:32:52Z/"}],"url":"https://github.com/parse-community/parse-server/commit/2581b5426047ce9cbcd3d9c0e8379e9c30e23ab5"},{"reference_url":"https://github.com/parse-community/parse-server/commit/85994eff9e7b34cac7e1a2f5791985022a1461d1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T19:32:52Z/"}],"url":"https://github.com/parse-community/parse-server/commit/85994eff9e7b34cac7e1a2f5791985022a1461d1"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10257","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T19:32:52Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10257"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10258","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T19:32:52Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10258"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9fjp-q3c4-6w3j","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-26T19:32:52Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9fjp-q3c4-6w3j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33498","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33498"},{"reference_url":"https://github.com/advisories/GHSA-9fjp-q3c4-6w3j","reference_id":"GHSA-9fjp-q3c4-6w3j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fjp-q3c4-6w3j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113705?format=json","purl":"pkg:npm/parse-server@8.6.55","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.55"},{"url":"http://public2.vulnerablecode.io/api/packages/74558?format=json","purl":"pkg:npm/parse-server@9.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-shyz-tw66-b3gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/113704?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.44"}],"aliases":["CVE-2026-33498","GHSA-9fjp-q3c4-6w3j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzbr-zm1b-nkfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91824?format=json","vulnerability_id":"VCID-h8hu-n8dv-ybhy","summary":"Parse Server session creation endpoint allows overwriting server-generated session fields\n### Impact\n\nAn authenticated user can overwrite server-generated session fields (`sessionToken`, `expiresAt`, `createdWith`) when creating a session object via `POST /classes/_Session`. This allows bypassing the server's session expiration policy by setting an arbitrary far-future expiration date. It also allows setting a predictable session token value.\n\n### Patches\n\nThe session creation endpoint now filters out server-generated fields from user-supplied data, preventing them from being overwritten.\n\n### Workarounds\n\nAdd a `beforeSave` trigger on the `_Session` class to validate and reject or strip any user-supplied values for `sessionToken`, `expiresAt`, and `createdWith`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32742","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05898","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05942","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05943","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05923","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05951","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32742"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10195","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:10:52Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10195"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10196","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:10:52Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10196"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5v7g-9h8f-8pgg","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:10:52Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5v7g-9h8f-8pgg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32742","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32742"},{"reference_url":"https://github.com/advisories/GHSA-5v7g-9h8f-8pgg","reference_id":"GHSA-5v7g-9h8f-8pgg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5v7g-9h8f-8pgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114234?format=json","purl":"pkg:npm/parse-server@8.6.42","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.42"},{"url":"http://public2.vulnerablecode.io/api/packages/114231?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.17"}],"aliases":["CVE-2026-32742","GHSA-5v7g-9h8f-8pgg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8hu-n8dv-ybhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91095?format=json","vulnerability_id":"VCID-h8ut-tkq6-r7e2","summary":"Parse Server has an MFA single-use token bypass via concurrent authData login requests\n### Impact\n\nAn attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated sessions by sending concurrent login requests via the authData login endpoint. This defeats the single-use guarantee of MFA recovery codes and SMS one-time passwords, allowing session persistence even after the legitimate user revokes detected sessions.\n\n### Patches\n\nThe fix adds optimistic locking to the authData login path, ensuring that concurrent database updates for the same user fail when the original MFA token array has already been modified by another request.\n\n### Workarounds\n\nThere is no known workaround.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34224","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0466","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04645","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04623","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05506","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05523","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34224"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/661f160edac8daac0486bc94413cf9652876ab92","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:15:54Z/"}],"url":"https://github.com/parse-community/parse-server/commit/661f160edac8daac0486bc94413cf9652876ab92"},{"reference_url":"https://github.com/parse-community/parse-server/commit/e7efbebba398ce6abe5b6b6fb9829c6ebe310fbf","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:15:54Z/"}],"url":"https://github.com/parse-community/parse-server/commit/e7efbebba398ce6abe5b6b6fb9829c6ebe310fbf"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10326","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:15:54Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10326"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10327","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:15:54Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10327"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-w73w-g5xw-rwhf","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:15:54Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-w73w-g5xw-rwhf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34224","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34224"},{"reference_url":"https://github.com/advisories/GHSA-w73w-g5xw-rwhf","reference_id":"GHSA-w73w-g5xw-rwhf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w73w-g5xw-rwhf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113117?format=json","purl":"pkg:npm/parse-server@8.6.64","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.64"},{"url":"http://public2.vulnerablecode.io/api/packages/113116?format=json","purl":"pkg:npm/parse-server@9.7.0-alpha.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.0-alpha.8"}],"aliases":["CVE-2026-34224","GHSA-w73w-g5xw-rwhf"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8ut-tkq6-r7e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91687?format=json","vulnerability_id":"VCID-j6q8-5bxf-7fcf","summary":"Parse Server email verification resend page leaks user existence\n### Impact\n\nThe Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided username exists and has an unverified email. This allows an unauthenticated attacker to enumerate valid usernames by observing different redirect targets. The existing `emailVerifySuccessOnInvalidEmail` configuration option, which is enabled by default and protects the API route against this, did not apply to these routes.\n\n### Patches\n\nThe email verification resend routes now respect the `emailVerifySuccessOnInvalidEmail` option. When set to `true` (the default), both routes redirect to the success page regardless of the outcome, preventing user enumeration.\n\n### Workarounds\n\nThere is no known workaround to prevent the information disclosure other than upgrading.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33323","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16164","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16023","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16109","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16154","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16046","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33323"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/967aa57732202009b2389ce9ecb3130d53d657e5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:56:28Z/"}],"url":"https://github.com/parse-community/parse-server/commit/967aa57732202009b2389ce9ecb3130d53d657e5"},{"reference_url":"https://github.com/parse-community/parse-server/commit/fbda4cb0c5cbc8fad08a216823b6b64d4ae289c3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:56:28Z/"}],"url":"https://github.com/parse-community/parse-server/commit/fbda4cb0c5cbc8fad08a216823b6b64d4ae289c3"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10238","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:56:28Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10238"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10243","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:56:28Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10243"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-h29g-q5c2-9h4f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:56:28Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-h29g-q5c2-9h4f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33323","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33323"},{"reference_url":"https://github.com/advisories/GHSA-h29g-q5c2-9h4f","reference_id":"GHSA-h29g-q5c2-9h4f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h29g-q5c2-9h4f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113979?format=json","purl":"pkg:npm/parse-server@8.6.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.51"},{"url":"http://public2.vulnerablecode.io/api/packages/74558?format=json","purl":"pkg:npm/parse-server@9.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-shyz-tw66-b3gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/113978?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.40"}],"aliases":["CVE-2026-33323","GHSA-h29g-q5c2-9h4f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6q8-5bxf-7fcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91633?format=json","vulnerability_id":"VCID-j9vu-d52s-ekgq","summary":"Parse Server: MFA recovery code single-use bypass via concurrent requests\n### Impact\n\nAn attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests. This defeats the single-use design of recovery codes. The attack requires the user's password, a valid recovery code, and the ability to send concurrent requests within milliseconds.\n\n### Patches\n\nThe login handler now uses optimistic locking when updating auth data that contains consumed single-use tokens. If a concurrent request has already modified the recovery array, the update fails and the login is rejected.\n\n### Workarounds\n\nThere are no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33624","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09895","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09831","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09798","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09882","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09909","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33624"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5e70094250a36bfcc14ecd49592be2b94fba66ff","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:58:24Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5e70094250a36bfcc14ecd49592be2b94fba66ff"},{"reference_url":"https://github.com/parse-community/parse-server/commit/fc3da35a81d5083b453e8967cabcc880f1a3bd0c","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:58:24Z/"}],"url":"https://github.com/parse-community/parse-server/commit/fc3da35a81d5083b453e8967cabcc880f1a3bd0c"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10275","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:58:24Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10275"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10276","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:58:24Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10276"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2299-ghjr-6vjp","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:58:24Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2299-ghjr-6vjp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33624","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33624"},{"reference_url":"https://github.com/advisories/GHSA-2299-ghjr-6vjp","reference_id":"GHSA-2299-ghjr-6vjp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2299-ghjr-6vjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113940?format=json","purl":"pkg:npm/parse-server@8.6.60","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.60"},{"url":"http://public2.vulnerablecode.io/api/packages/113939?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.54"}],"aliases":["CVE-2026-33624","GHSA-2299-ghjr-6vjp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9vu-d52s-ekgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50400?format=json","vulnerability_id":"VCID-jnuv-zhzb-nygr","summary":"Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter\nAn unauthenticated attacker can forge a Google authentication token with `alg: \"none\"` to log in as any user linked to a Google account, without knowing their credentials. All deployments with Google authentication enabled are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27804","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12105","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12047","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1203","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12142","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12143","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27804"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/9b94083accb7f3e72c6b8126c195c7a03dd2dfd7","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T17:03:17Z/"}],"url":"https://github.com/parse-community/parse-server/commit/9b94083accb7f3e72c6b8126c195c7a03dd2dfd7"},{"reference_url":"https://github.com/parse-community/parse-server/commit/9d5942d50e55c822924c27b05aa98f1393e7a330","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T17:03:17Z/"}],"url":"https://github.com/parse-community/parse-server/commit/9d5942d50e55c822924c27b05aa98f1393e7a330"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.3","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T17:03:17Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.3"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.3.1-alpha.4","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T17:03:17Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.3.1-alpha.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27804","reference_id":"CVE-2026-27804","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27804"},{"reference_url":"https://github.com/advisories/GHSA-4q3h-vp4r-prv2","reference_id":"GHSA-4q3h-vp4r-prv2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4q3h-vp4r-prv2"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4q3h-vp4r-prv2","reference_id":"GHSA-4q3h-vp4r-prv2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-26T17:03:17Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4q3h-vp4r-prv2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74291?format=json","purl":"pkg:npm/parse-server@8.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74290?format=json","purl":"pkg:npm/parse-server@9.3.1-alpha.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fdvb-gy4j-6qcn"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.3.1-alpha.4"}],"aliases":["CVE-2026-27804","GHSA-4q3h-vp4r-prv2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jnuv-zhzb-nygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92106?format=json","vulnerability_id":"VCID-jsgf-t1ga-x7eq","summary":"parse-server: MFA SMS one-time password accepted twice under concurrent login\n### Impact\n\nA race condition in the MFA SMS one-time password (OTP) login path allows two concurrent `/login` requests carrying the same OTP to both succeed and both receive valid session tokens, breaking the single-use property of the OTP. The vulnerability requires the attacker to already possess the victim's password and intercept the active SMS OTP (e.g. via SIM swap, network mirror, or phishing relay) and to race the legitimate login request, so the practical attack surface is narrow.\n\nThis advisory is the same class of incomplete fix as [GHSA-2299-ghjr-6vjp](https://github.com/parse-community/parse-server/security/advisories/GHSA-2299-ghjr-6vjp) (TOTP recovery codes) and [GHSA-w73w-g5xw-rwhf](https://github.com/parse-community/parse-server/security/advisories/GHSA-w73w-g5xw-rwhf) (MFA recovery in authData-only login). Those previous fixes added optimistic locking only for array-typed authData fields; SMS MFA stores the OTP as a string, so the guard skipped it.\n\n### Patches\n\nThe optimistic lock has been generalized to cover primitive (string, number, boolean) and array authData fields. The lock is implemented as a shared helper `applyAuthDataOptimisticLock` that adds equality predicates on the original values of changed fields to the update WHERE clause. Concurrent writers racing the same single-use token now miss the WHERE condition and surface as `Invalid auth data`.\n\n### Workarounds\n\n- Disable SMS MFA and use TOTP instead (TOTP tokens are time-window validated, not stored single-use).\n- Place a rate limiter on the `/login` endpoint to reduce concurrent-request burst capacity.\n\n### Resources\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-jpq4-7fmq-q5fj\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/pull/10448\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/pull/10449","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43930","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01113","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01108","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01107","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43930"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10448","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:27:09Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10448"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10449","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:27:09Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10449"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-jpq4-7fmq-q5fj","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:27:09Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-jpq4-7fmq-q5fj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43930","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43930"},{"reference_url":"https://github.com/advisories/GHSA-jpq4-7fmq-q5fj","reference_id":"GHSA-jpq4-7fmq-q5fj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jpq4-7fmq-q5fj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114676?format=json","purl":"pkg:npm/parse-server@8.6.76","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.76"},{"url":"http://public2.vulnerablecode.io/api/packages/114675?format=json","purl":"pkg:npm/parse-server@9.9.0-alpha.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.9.0-alpha.2"}],"aliases":["CVE-2026-43930","GHSA-jpq4-7fmq-q5fj"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jsgf-t1ga-x7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110200?format=json","vulnerability_id":"VCID-k86f-a3gq-hbbv","summary":"Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers\n### Impact\n\nKeywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option.\n\n### Patches\n\nImproved keyword detection.\n\n### Workarounds\n\nConfigure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature.\n\n### Collaborators\n\nMikhail Shcherbakov, Cristian-Alexandru Staicu and Musard Balliu working with Trend Micro Zero Day Initiative\n\n### References\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41878","reference_id":"","reference_type":"","scores":[{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68058","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68098","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68082","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68097","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68105","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68096","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41878"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/0a2d412e265992d53a670011afd9d2578562adc3","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/0a2d412e265992d53a670011afd9d2578562adc3"},{"reference_url":"https://github.com/parse-community/parse-server/commit/6728da1e3591db1e27031d335d64d8f25546a06f","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/6728da1e3591db1e27031d335d64d8f25546a06f"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8301","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8301"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8302","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8302"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:49Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41878","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41878"},{"reference_url":"https://github.com/advisories/GHSA-xprv-wvh7-qqqx","reference_id":"GHSA-xprv-wvh7-qqqx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xprv-wvh7-qqqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148705?format=json","purl":"pkg:npm/parse-server@4.10.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.19"},{"url":"http://public2.vulnerablecode.io/api/packages/148707?format=json","purl":"pkg:npm/parse-server@5.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.3.2"}],"aliases":["CVE-2022-41878","GHSA-xprv-wvh7-qqqx","GMS-2022-6626"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k86f-a3gq-hbbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110669?format=json","vulnerability_id":"VCID-k91x-3e4k-8bef","summary":"Invalid file request can crash server\n### Impact\nCertain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high.\n\n### Patches\nTo prevent this, invalid requests are now properly handled.\n\n### Workarounds\nNone\n\n### References\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9\n- https://github.com/parse-community/parse-server\n\n### For more information\n- For questions or comments about this vulnerability visit our [community forum](http://community.parseplatform.org/) or [community chat](http://chat.parseplatform.org/)\n- Report other vulnerabilities at [report.parseplatform.org](https://report.parseplatform.org/)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31089","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.5655","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56609","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56603","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56601","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56583","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56598","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31089"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:53Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:53Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31089","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31089"},{"reference_url":"https://github.com/advisories/GHSA-xw6g-jjvf-wwf9","reference_id":"GHSA-xw6g-jjvf-wwf9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xw6g-jjvf-wwf9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149358?format=json","purl":"pkg:npm/parse-server@4.10.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.12"},{"url":"http://public2.vulnerablecode.io/api/packages/149359?format=json","purl":"pkg:npm/parse-server@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.3"}],"aliases":["CVE-2022-31089","GHSA-xw6g-jjvf-wwf9","GMS-2022-2518"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k91x-3e4k-8bef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91140?format=json","vulnerability_id":"VCID-kpnd-nb3e-2ufx","summary":"Parse Server exposes auth data via verify password endpoint\n### Impact\n\nThe verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection.\n\n### Patches\n\nThe verify password endpoint now sanitizes authentication data through auth adapter hooks before returning the response, consistent with login and user retrieval endpoints.\n\n### Workarounds\n\nThere is no known workaround.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34215","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22261","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22248","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24694","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24751","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24703","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34215"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5b8998e6866bcf75be7b5bb625e27d23bfaf912c","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/5b8998e6866bcf75be7b5bb625e27d23bfaf912c"},{"reference_url":"https://github.com/parse-community/parse-server/commit/770be8647424d92f5425c41fa81065ffbbb171ed","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:23:36Z/"}],"url":"https://github.com/parse-community/parse-server/commit/770be8647424d92f5425c41fa81065ffbbb171ed"},{"reference_url":"https://github.com/parse-community/parse-server/commit/875cf10ac979bd60f70e7a0c534e2bc194d6982f","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/875cf10ac979bd60f70e7a0c534e2bc194d6982f"},{"reference_url":"https://github.com/parse-community/parse-server/commit/a1d4e7b12a12f16d3870dbee582a36765858e94c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:23:36Z/"}],"url":"https://github.com/parse-community/parse-server/commit/a1d4e7b12a12f16d3870dbee582a36765858e94c"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10278","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/10278"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10279","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/10279"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10323","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:23:36Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10323"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10324","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:23:36Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10324"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-wp76-gg32-8258","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:23:36Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-wp76-gg32-8258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34215","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34215"},{"reference_url":"https://github.com/advisories/GHSA-wp76-gg32-8258","reference_id":"GHSA-wp76-gg32-8258","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wp76-gg32-8258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113159?format=json","purl":"pkg:npm/parse-server@8.6.63","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.63"},{"url":"http://public2.vulnerablecode.io/api/packages/113158?format=json","purl":"pkg:npm/parse-server@9.7.0-alpha.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.0-alpha.7"}],"aliases":["CVE-2026-34215","GHSA-wp76-gg32-8258"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpnd-nb3e-2ufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50848?format=json","vulnerability_id":"VCID-m9r5-g4pw-q7cx","summary":"Parse Server's MFA recovery codes not consumed after use\nWhen multi-factor authentication (MFA) via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recovery code to be used an unlimited number of times. This defeats the single-use design of recovery codes and weakens the security of MFA-protected accounts.\n\nAn attacker who obtains a single recovery code can repeatedly authenticate as the affected user without the code ever being invalidated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31875","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33666","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33653","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33631","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.337","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33686","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31875"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.33","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:06:08Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.33"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.7","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:06:08Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31875","reference_id":"CVE-2026-31875","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31875"},{"reference_url":"https://github.com/advisories/GHSA-4hf6-3x24-c9m8","reference_id":"GHSA-4hf6-3x24-c9m8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4hf6-3x24-c9m8"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4hf6-3x24-c9m8","reference_id":"GHSA-4hf6-3x24-c9m8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:06:08Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4hf6-3x24-c9m8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74754?format=json","purl":"pkg:npm/parse-server@8.6.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.33"},{"url":"http://public2.vulnerablecode.io/api/packages/74753?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.7"}],"aliases":["CVE-2026-31875","GHSA-4hf6-3x24-c9m8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9r5-g4pw-q7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91275?format=json","vulnerability_id":"VCID-mpu4-c9v9-wbdd","summary":"Parse Server has a SQL injection via query field name when using PostgreSQL\n### Impact\n\nAn attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a `$regex` query operator is passed to PostgreSQL using unparameterized string interpolation, allowing the attacker to manipulate the SQL query. While the master key controls what can be done through the Parse Server abstraction layer, this SQL injection bypasses Parse Server entirely and operates at the database level.\n\nThis vulnerability only affects Parse Server deployments using PostgreSQL.\n\n### Patches\n\nThe fix applies proper SQL identifier escaping to field names in the query handler and hardens query field name validation to reject malicious field names for all query types.\n\n### Workarounds\n\nThere is no known workaround.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-c442-97qw-j6c6\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.10\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.36","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32234","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13662","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13609","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13577","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13699","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13703","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32234"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.36","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:52:08Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.36"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.10","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:52:08Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.10"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-c442-97qw-j6c6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:52:08Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-c442-97qw-j6c6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32234","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32234"},{"reference_url":"https://github.com/advisories/GHSA-c442-97qw-j6c6","reference_id":"GHSA-c442-97qw-j6c6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c442-97qw-j6c6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113357?format=json","purl":"pkg:npm/parse-server@8.6.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.36"},{"url":"http://public2.vulnerablecode.io/api/packages/113356?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.10"}],"aliases":["CVE-2026-32234","GHSA-c442-97qw-j6c6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mpu4-c9v9-wbdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45298?format=json","vulnerability_id":"VCID-msej-ykyc-qyhp","summary":"Phishing attack vulnerability by uploading malicious HTML file\nParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 is vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for phishing attacks. The HTML page may seem legitimate because it is served under the internet domain where Parse Server is hosted, which may be the same as a company's official website domain.\n\nAn additional security issue arises when the Parse JavaScript SDK is used. The SDK stores sessions in the internet browser's local storage, which usually restricts data access depending on the internet domain. A malicious HTML file could contain a script that retrieves the user's session token from local storage and then share it with the attacker.\n\nThe fix included in versions 5.4.4 and 6.1.1 adds a new Parse Server option `fileUpload.fileExtensions` to restrict file upload on Parse Server by file extension. It is recommended to restrict file upload for HTML file extensions, which this fix disables by default. If an app requires upload of files with HTML file extensions, the option can be set to `['.*']` or another custom value to override the default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32689","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60422","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60421","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60405","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60434","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60431","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32689"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8537","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T19:07:11Z/"}],"url":"https://github.com/parse-community/parse-server/pull/8537"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8538","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T19:07:11Z/"}],"url":"https://github.com/parse-community/parse-server/pull/8538"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32689","reference_id":"CVE-2023-32689","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32689"},{"reference_url":"https://github.com/advisories/GHSA-9prm-jqwx-45x9","reference_id":"GHSA-9prm-jqwx-45x9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9prm-jqwx-45x9"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9prm-jqwx-45x9","reference_id":"GHSA-9prm-jqwx-45x9","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T19:07:11Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9prm-jqwx-45x9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65275?format=json","purl":"pkg:npm/parse-server@5.4.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/654125?format=json","purl":"pkg:npm/parse-server@5.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/65276?format=json","purl":"pkg:npm/parse-server@6.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/654145?format=json","purl":"pkg:npm/parse-server@6.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.2.0"}],"aliases":["CVE-2023-32689","GHSA-9prm-jqwx-45x9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msej-ykyc-qyhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90863?format=json","vulnerability_id":"VCID-n19y-uwm6-3udp","summary":"Parse Server's GraphQL WebSocket endpoint bypasses security middleware\n### Impact\n\nAny Parse Server deployment that uses the GraphQL API is affected. The GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control, and query complexity limits. An attacker can connect to the WebSocket endpoint and execute GraphQL operations without providing a valid application or API key, access the GraphQL schema via introspection even when public introspection is disabled, and send arbitrarily complex queries that bypass configured complexity limits.\n\n### Patches\n\nThe unfinished GraphQL WebSocket subscription feature has been removed, including the `createSubscriptions` method and the `subscriptions-transport-ws` dependency. GraphQL subscriptions were never functional in Parse Server as the schema did not define any subscription types.\n\n### Workarounds\n\nBlock WebSocket upgrade requests to the GraphQL subscriptions path (by default `/subscriptions`) at the network level, for example using a reverse proxy or load balancer rule.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32594","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24782","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24733","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24725","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.2484","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24851","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32594"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/21330d146c68b57a930a58b8a8cd9fbf09436cf3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/21330d146c68b57a930a58b8a8cd9fbf09436cf3"},{"reference_url":"https://github.com/parse-community/parse-server/commit/3ffba757bfc836bd034e1369f4f64304e110e375","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/3ffba757bfc836bd034e1369f4f64304e110e375"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10189","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-16T13:57:29Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10189"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10190","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-16T13:57:29Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10190"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-p2x3-8689-cwpg","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-16T13:57:29Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-p2x3-8689-cwpg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32594","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32594"},{"reference_url":"https://github.com/advisories/GHSA-p2x3-8689-cwpg","reference_id":"GHSA-p2x3-8689-cwpg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p2x3-8689-cwpg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112749?format=json","purl":"pkg:npm/parse-server@8.6.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.40"},{"url":"http://public2.vulnerablecode.io/api/packages/112747?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.14"}],"aliases":["CVE-2026-32594","GHSA-p2x3-8689-cwpg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n19y-uwm6-3udp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50774?format=json","vulnerability_id":"VCID-n514-mj64-wkfb","summary":"Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters\nThe Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set (`clientId` for Google/Apple, `appIds` for Facebook), JWT verification silently skips audience claim validation. This allows an attacker to use a validly signed JWT issued for a different application to authenticate as any user on the target Parse Server.\n\n- For Google and Apple, the vulnerability is exploitable when the server does not configure `clientId`. The adapters accepted this as valid and simply skipped audience validation.\n- For Facebook Limited Login, the vulnerability exists regardless of configuration. The adapter validated `appIds` only for Standard Login (Graph API), but the Limited Login JWT path never passed `appIds` as the audience to JWT verification.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30863","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1039","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10514","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10496","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10414","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10475","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30863"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30863","reference_id":"CVE-2026-30863","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30863"},{"reference_url":"https://github.com/advisories/GHSA-x6fw-778m-wr9v","reference_id":"GHSA-x6fw-778m-wr9v","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6fw-778m-wr9v"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-x6fw-778m-wr9v","reference_id":"GHSA-x6fw-778m-wr9v","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-09T16:43:47Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-x6fw-778m-wr9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74571?format=json","purl":"pkg:npm/parse-server@8.6.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/74570?format=json","purl":"pkg:npm/parse-server@9.5.0-alpha.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.11"}],"aliases":["CVE-2026-30863","GHSA-x6fw-778m-wr9v"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n514-mj64-wkfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89106?format=json","vulnerability_id":"VCID-n8kv-67nw-xbaw","summary":"Parse Server has a session field immutability bypass via falsy-value guard\n### Impact\n\nAn authenticated user can bypass the immutability guard on session fields (`expiresAt`, `createdWith`) by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length policies.\n\n### Patches\n\nThe truthiness-based guard checks were replaced with key-presence checks that reject any value for protected session fields, including null.\n\n### Workarounds\n\nThere is no known workaround. A `beforeSave` trigger on `_Session` could be used to reject null values for `expiresAt` and `createdWith`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34574","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10713","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10737","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12547","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12519","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12601","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34574"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/90802969fc713b7bc9733d7255c7519a6ed75d21","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:57:17Z/"}],"url":"https://github.com/parse-community/parse-server/commit/90802969fc713b7bc9733d7255c7519a6ed75d21"},{"reference_url":"https://github.com/parse-community/parse-server/commit/ebccd7fe2708007e62f705ee1c820a6766178777","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:57:17Z/"}],"url":"https://github.com/parse-community/parse-server/commit/ebccd7fe2708007e62f705ee1c820a6766178777"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10347","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:57:17Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10347"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10348","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:57:17Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10348"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-f6j3-w9v3-cq22","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:57:17Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-f6j3-w9v3-cq22"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34574","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34574"},{"reference_url":"https://github.com/advisories/GHSA-f6j3-w9v3-cq22","reference_id":"GHSA-f6j3-w9v3-cq22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6j3-w9v3-cq22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110139?format=json","purl":"pkg:npm/parse-server@8.6.69","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.69"},{"url":"http://public2.vulnerablecode.io/api/packages/110137?format=json","purl":"pkg:npm/parse-server@9.7.0-alpha.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.0-alpha.14"}],"aliases":["CVE-2026-34574","GHSA-f6j3-w9v3-cq22"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8kv-67nw-xbaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50846?format=json","vulnerability_id":"VCID-nnat-huec-buht","summary":"Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter\nA vulnerability in Parse Server's query handling allows an authenticated or unauthenticated attacker to exfiltrate session tokens of other users by exploiting the `redirectClassNameForKey` query parameter. Exfiltrated session tokens can be used to take over user accounts.\n\nThe vulnerability requires the attacker to be able to create or update an object with a new relation field, which depends on the Class-Level Permissions of at least one class.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30965","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25206","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25157","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25149","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25256","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25273","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30965"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.21","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T14:27:33Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.21"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.8","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T14:27:33Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30965","reference_id":"CVE-2026-30965","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30965"},{"reference_url":"https://github.com/advisories/GHSA-6r2j-cxgf-495f","reference_id":"GHSA-6r2j-cxgf-495f","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r2j-cxgf-495f"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6r2j-cxgf-495f","reference_id":"GHSA-6r2j-cxgf-495f","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T14:27:33Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6r2j-cxgf-495f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74737?format=json","purl":"pkg:npm/parse-server@8.6.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.21"},{"url":"http://public2.vulnerablecode.io/api/packages/74736?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.8"}],"aliases":["CVE-2026-30965","GHSA-6r2j-cxgf-495f"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnat-huec-buht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50868?format=json","vulnerability_id":"VCID-nqnd-8hx6-5bh4","summary":"Parse Server vulnerable to user enumeration via email verification endpoint\nThe email verification endpoint (`/verificationEmailRequest`) returns distinct error responses depending on whether an email address belongs to an existing user, is already verified, or does not exist. An attacker can send requests with different email addresses and observe the error codes to determine which email addresses are registered in the application.\n\nThis is a user enumeration vulnerability that affects any Parse Server deployment with email verification enabled (`verifyUserEmails: true`).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31901","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1396","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14081","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1408","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13988","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14045","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31901"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.34","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:01:34Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.34"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.8","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:01:34Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31901","reference_id":"CVE-2026-31901","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31901"},{"reference_url":"https://github.com/advisories/GHSA-w54v-hf9p-8856","reference_id":"GHSA-w54v-hf9p-8856","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w54v-hf9p-8856"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-w54v-hf9p-8856","reference_id":"GHSA-w54v-hf9p-8856","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:01:34Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-w54v-hf9p-8856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74812?format=json","purl":"pkg:npm/parse-server@8.6.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.34"},{"url":"http://public2.vulnerablecode.io/api/packages/74811?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.8"}],"aliases":["CVE-2026-31901","GHSA-w54v-hf9p-8856"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqnd-8hx6-5bh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91617?format=json","vulnerability_id":"VCID-p1jm-h97h-vkhv","summary":"Parse Server has a password reset token single-use bypass via concurrent requests\n### Impact\n\nThe password reset mechanism does not enforce single-use guarantees for reset tokens. When a user requests a password reset, the generated token can be consumed by multiple concurrent requests within a short time window. An attacker who has intercepted a password reset token can race the legitimate user's password reset request, causing both requests to succeed. This may result in the legitimate user believing their password was changed successfully while the attacker's password takes effect instead.\n\nAll Parse Server deployments that use the password reset feature are affected.\n\n### Patches\n\nThe password reset token is now atomically validated and consumed as part of the password update operation. The database query that updates the password includes the reset token as a condition, ensuring that only one concurrent request can successfully consume the token. Subsequent requests using the same token will fail because the token has already been cleared.\n\n### Workarounds\n\nThere is no known workaround other than upgrading.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32943","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01648","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01642","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01646","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01654","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32943"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10216","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:48:42Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10216"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10217","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:48:42Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10217"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-r3xq-68wh-gwvh","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:48:42Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-r3xq-68wh-gwvh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32943","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32943"},{"reference_url":"https://github.com/advisories/GHSA-r3xq-68wh-gwvh","reference_id":"GHSA-r3xq-68wh-gwvh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r3xq-68wh-gwvh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113930?format=json","purl":"pkg:npm/parse-server@8.6.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.48"},{"url":"http://public2.vulnerablecode.io/api/packages/113929?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.28"}],"aliases":["CVE-2026-32943","GHSA-r3xq-68wh-gwvh"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1jm-h97h-vkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50854?format=json","vulnerability_id":"VCID-p27e-zbjb-ebbh","summary":"Parse Server has a NoSQL injection via token type in password reset and email verification endpoints\nA NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the `token` field in the password reset and email verification resend endpoints. The `token` value is passed to database queries without type validation and can be used to extract password reset and email verification tokens.\n\nAny Parse Server deployment using MongoDB with email verification or password reset enabled is affected. When `emailVerifyTokenReuseIfValid` is configured, the email verification token can be fully extracted and used to verify a user's email address without inbox access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30941","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18644","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18764","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18762","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18662","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18724","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30941"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.14","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:57:04Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.14"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.1","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:57:04Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30941","reference_id":"CVE-2026-30941","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30941"},{"reference_url":"https://github.com/advisories/GHSA-vgjh-hmwf-c588","reference_id":"GHSA-vgjh-hmwf-c588","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vgjh-hmwf-c588"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vgjh-hmwf-c588","reference_id":"GHSA-vgjh-hmwf-c588","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:57:04Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vgjh-hmwf-c588"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74775?format=json","purl":"pkg:npm/parse-server@8.6.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.14"},{"url":"http://public2.vulnerablecode.io/api/packages/74774?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.1"}],"aliases":["CVE-2026-30941","GHSA-vgjh-hmwf-c588"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p27e-zbjb-ebbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50732?format=json","vulnerability_id":"VCID-p34v-j1s6-a7hn","summary":"parse-server: Malformed `$regex` query leaks database error details in API response\nA malformed $regex query parameter (e.g. `[abc)` causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerability is exploitable by any client that can send query requests, depending on the deployment's permission configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30835","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0285","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02918","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02912","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02817","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02866","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30835"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.7","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:28:44Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.7"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.6","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:28:44Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30835","reference_id":"CVE-2026-30835","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30835"},{"reference_url":"https://github.com/advisories/GHSA-9cp7-3q5w-j92g","reference_id":"GHSA-9cp7-3q5w-j92g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9cp7-3q5w-j92g"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9cp7-3q5w-j92g","reference_id":"GHSA-9cp7-3q5w-j92g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:28:44Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9cp7-3q5w-j92g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74518?format=json","purl":"pkg:npm/parse-server@8.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/74517?format=json","purl":"pkg:npm/parse-server@9.5.0-alpha.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fdvb-gy4j-6qcn"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.6"}],"aliases":["CVE-2026-30835","GHSA-9cp7-3q5w-j92g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p34v-j1s6-a7hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108832?format=json","vulnerability_id":"VCID-pb34-8r9n-63ac","summary":"parse-server crashes when receiving file download request with invalid byte range\n### Impact\n\nParse Server crashes when a file download request is received with an invalid byte range.\n\n### Patches\n\nImproved parsing of the range parameter to properly handle invalid range requests.\n\n### Workarounds\n\nNone\n\n### References\n\n- [GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39313","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.5655","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56609","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56603","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56601","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56583","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56598","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39313"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/066f29673ab4030b6b5b90c0c0326f7d3fe7612a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/066f29673ab4030b6b5b90c0c0326f7d3fe7612a"},{"reference_url":"https://github.com/parse-community/parse-server/commit/3d7a61ecd5231638f01ff1a965b6313043c594a7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/3d7a61ecd5231638f01ff1a965b6313043c594a7"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.17"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:54Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39313","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39313"},{"reference_url":"https://github.com/advisories/GHSA-h423-w6qv-2wj3","reference_id":"GHSA-h423-w6qv-2wj3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h423-w6qv-2wj3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144962?format=json","purl":"pkg:npm/parse-server@4.10.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.17"},{"url":"http://public2.vulnerablecode.io/api/packages/144965?format=json","purl":"pkg:npm/parse-server@5.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.8"}],"aliases":["CVE-2022-39313","GHSA-h423-w6qv-2wj3","GMS-2022-5505"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb34-8r9n-63ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55945?format=json","vulnerability_id":"VCID-pr98-q3e2-tydx","summary":"Parse Server's custom object ID allows to acquire role privileges\nIf the Parse Server option `allowCustomObjectId: true` is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47183","reference_id":"","reference_type":"","scores":[{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.5998","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59998","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.60009","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.60006","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47183"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/13ee52f0d19ef3a3524b3d79aea100e587eb3cfc","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-04T15:24:37Z/"}],"url":"https://github.com/parse-community/parse-server/commit/13ee52f0d19ef3a3524b3d79aea100e587eb3cfc"},{"reference_url":"https://github.com/parse-community/parse-server/commit/1bfbccf9ee7ea77533b2b2aa7c4c69f3bd35e66f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-04T15:24:37Z/"}],"url":"https://github.com/parse-community/parse-server/commit/1bfbccf9ee7ea77533b2b2aa7c4c69f3bd35e66f"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9317","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-04T15:24:37Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9317"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9318","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-04T15:24:37Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9318"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47183","reference_id":"CVE-2024-47183","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47183"},{"reference_url":"https://github.com/advisories/GHSA-8xq9-g7ch-35hg","reference_id":"GHSA-8xq9-g7ch-35hg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xq9-g7ch-35hg"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-8xq9-g7ch-35hg","reference_id":"GHSA-8xq9-g7ch-35hg","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-04T15:24:37Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-8xq9-g7ch-35hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82849?format=json","purl":"pkg:npm/parse-server@6.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/82850?format=json","purl":"pkg:npm/parse-server@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.3.0"}],"aliases":["CVE-2024-47183","GHSA-8xq9-g7ch-35hg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr98-q3e2-tydx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47277?format=json","vulnerability_id":"VCID-pt5h-ubds-5bah","summary":"Server crashes on invalid Cloud Function or Cloud Job name\nCalling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29027","reference_id":"","reference_type":"","scores":[{"value":"0.01895","scoring_system":"epss","scoring_elements":"0.83577","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01895","scoring_system":"epss","scoring_elements":"0.83564","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01895","scoring_system":"epss","scoring_elements":"0.83572","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01895","scoring_system":"epss","scoring_elements":"0.83574","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01895","scoring_system":"epss","scoring_elements":"0.83576","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29027"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b"},{"reference_url":"https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.5.5","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.5.5"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29027","reference_id":"CVE-2024-29027","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29027"},{"reference_url":"https://github.com/advisories/GHSA-6hh7-46r2-vf29","reference_id":"GHSA-6hh7-46r2-vf29","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6hh7-46r2-vf29"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29","reference_id":"GHSA-6hh7-46r2-vf29","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69459?format=json","purl":"pkg:npm/parse-server@6.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/69460?format=json","purl":"pkg:npm/parse-server@7.0.0-alpha.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.0.0-alpha.29"}],"aliases":["CVE-2024-29027","GHSA-6hh7-46r2-vf29"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt5h-ubds-5bah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50843?format=json","vulnerability_id":"VCID-pwb4-41pr-6kfs","summary":"Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes\nThe `_GraphQLConfig` and `_Audience` internal classes can be read, modified, and deleted via the generic `/classes/_GraphQLConfig` and `/classes/_Audience` REST API routes without master key authentication. This bypasses the master key enforcement that exists on the dedicated `/graphql-config` and `/push_audiences` endpoints. An attacker can read, modify and delete GraphQL configuration and push audience data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31800","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28161","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28122","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28118","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28203","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28253","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31800"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.25","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:53:42Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.25"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:53:42Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31800","reference_id":"CVE-2026-31800","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31800"},{"reference_url":"https://github.com/advisories/GHSA-7xg7-rqf6-pw6c","reference_id":"GHSA-7xg7-rqf6-pw6c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7xg7-rqf6-pw6c"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7xg7-rqf6-pw6c","reference_id":"GHSA-7xg7-rqf6-pw6c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:53:42Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7xg7-rqf6-pw6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74726?format=json","purl":"pkg:npm/parse-server@8.6.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.25"},{"url":"http://public2.vulnerablecode.io/api/packages/74725?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.12"}],"aliases":["CVE-2026-31800","GHSA-7xg7-rqf6-pw6c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwb4-41pr-6kfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50741?format=json","vulnerability_id":"VCID-q8xg-vs4w-d7g7","summary":"parse-server's file creation and deletion bypasses `readOnlyMasterKey` write restriction\nThe `readOnlyMasterKey` can be used to create and delete files via the Files API (`POST /files/:filename`, `DELETE /files/:filename`). This bypasses the read-only restriction which violates the access scope of the `readOnlyMasterKey`.\n\nAny Parse Server deployment that uses `readOnlyMasterKey` and exposes the Files API is affected. An attacker with access to the `readOnlyMasterKey` can upload arbitrary files or delete existing files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30228","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.034","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0338","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03379","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03415","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03402","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30228"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.5","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:29:21Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.5"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:29:21Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30228","reference_id":"CVE-2026-30228","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30228"},{"reference_url":"https://github.com/advisories/GHSA-xfh7-phr7-gr2x","reference_id":"GHSA-xfh7-phr7-gr2x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xfh7-phr7-gr2x"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xfh7-phr7-gr2x","reference_id":"GHSA-xfh7-phr7-gr2x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:29:21Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xfh7-phr7-gr2x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74527?format=json","purl":"pkg:npm/parse-server@8.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74526?format=json","purl":"pkg:npm/parse-server@9.5.0-alpha.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fdvb-gy4j-6qcn"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.3"}],"aliases":["CVE-2026-30228","GHSA-xfh7-phr7-gr2x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8xg-vs4w-d7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50844?format=json","vulnerability_id":"VCID-qbz7-9nkp-xfew","summary":"Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API\nAn unauthenticated attacker can exhaust Parse Server resources (CPU, memory, database connections) through crafted queries that exploit the lack of complexity limits in the REST and GraphQL APIs.\n\nAll Parse Server deployments using the REST or GraphQL API are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30946","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06519","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06571","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06572","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06522","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06561","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30946"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.15","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:29:18Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.15"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:29:18Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30946","reference_id":"CVE-2026-30946","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30946"},{"reference_url":"https://github.com/advisories/GHSA-cmj3-wx7h-ffvg","reference_id":"GHSA-cmj3-wx7h-ffvg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cmj3-wx7h-ffvg"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-cmj3-wx7h-ffvg","reference_id":"GHSA-cmj3-wx7h-ffvg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:29:18Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-cmj3-wx7h-ffvg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74727?format=json","purl":"pkg:npm/parse-server@8.6.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.15"},{"url":"http://public2.vulnerablecode.io/api/packages/74728?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.2"}],"aliases":["CVE-2026-30946","GHSA-cmj3-wx7h-ffvg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbz7-9nkp-xfew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50850?format=json","vulnerability_id":"VCID-qupn-1ytd-tkae","summary":"Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction\nThe LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input (`authData.id`) is interpolated directly into LDAP Distinguished Names (DN) and group search filters without escaping special characters. This allows an attacker with valid LDAP credentials to manipulate the bind DN structure and to bypass group membership checks. This enables privilege escalation from any authenticated LDAP user to a member of any restricted group.\n\nThe vulnerability affects Parse Server deployments that use the LDAP authentication adapter with group-based access control.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31828","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37222","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37196","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37183","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37254","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31828"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.26","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:50Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.26"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.13","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:50Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.13"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31828","reference_id":"CVE-2026-31828","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31828"},{"reference_url":"https://github.com/advisories/GHSA-7m6r-fhh7-r47c","reference_id":"GHSA-7m6r-fhh7-r47c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m6r-fhh7-r47c"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7m6r-fhh7-r47c","reference_id":"GHSA-7m6r-fhh7-r47c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:50Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7m6r-fhh7-r47c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74763?format=json","purl":"pkg:npm/parse-server@8.6.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.26"},{"url":"http://public2.vulnerablecode.io/api/packages/74762?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.13"}],"aliases":["CVE-2026-31828","GHSA-7m6r-fhh7-r47c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qupn-1ytd-tkae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50815?format=json","vulnerability_id":"VCID-r432-uepe-vuah","summary":"Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution\nAn unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The server recurses infinitely, causing a call stack size error that terminates the process.\n\nOther prototype property names bypass Cloud Function dispatch validation and return HTTP 200 responses, even though no such Cloud Functions are defined. The same applies to dot-notation traversal.\n\nAll Parse Server deployments that expose the Cloud Function endpoint are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30939","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39629","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39616","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.396","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39656","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39652","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30939"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.13","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:56:39Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.13"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:56:39Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.1-alpha.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30939","reference_id":"CVE-2026-30939","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30939"},{"reference_url":"https://github.com/advisories/GHSA-5j86-7r7m-p8h6","reference_id":"GHSA-5j86-7r7m-p8h6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5j86-7r7m-p8h6"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5j86-7r7m-p8h6","reference_id":"GHSA-5j86-7r7m-p8h6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:56:39Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5j86-7r7m-p8h6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74655?format=json","purl":"pkg:npm/parse-server@8.6.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/74656?format=json","purl":"pkg:npm/parse-server@9.5.1-alpha.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.1-alpha.2"}],"aliases":["CVE-2026-30939","GHSA-5j86-7r7m-p8h6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r432-uepe-vuah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89265?format=json","vulnerability_id":"VCID-r9jq-4te8-xkfb","summary":"Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value\n### Impact\n\nAn authenticated user with `find` class-level permission can bypass the `protectedFields` class-level permission setting on LiveQuery subscriptions. By sending a subscription with a `$or`, `$and`, or `$nor` operator value as a plain object with numeric keys and a `length` property (an \"array-like\" object) instead of an array, the protected-field guard is bypassed. The subscription event firing acts as a binary oracle, allowing the attacker to infer whether a protected field matches a given test value.\n\n### Patches\n\nThe fix validates that `$or`, `$and`, and `$nor` operator values are arrays in the LiveQuery subscription handler, the query depth checker, and the protected-field guard. As defense in depth, the LiveQuery query evaluator also rejects non-array values for these operators.\n\n### Workarounds\n\nThere is no known workaround.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34595","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10713","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10737","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12547","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12519","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12601","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34595"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/f63fd1a3fe0a7c1c5fe809f01b0e04759e8c9b98","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T17:22:23Z/"}],"url":"https://github.com/parse-community/parse-server/commit/f63fd1a3fe0a7c1c5fe809f01b0e04759e8c9b98"},{"reference_url":"https://github.com/parse-community/parse-server/commit/ffad0ec6b971ee0dd9545e1bf1fb34ddebf275c2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T17:22:23Z/"}],"url":"https://github.com/parse-community/parse-server/commit/ffad0ec6b971ee0dd9545e1bf1fb34ddebf275c2"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10350","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T17:22:23Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10350"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10351","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T17:22:23Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10351"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-mmg8-87c5-jrc2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T17:22:23Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-mmg8-87c5-jrc2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34595","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34595"},{"reference_url":"https://github.com/advisories/GHSA-mmg8-87c5-jrc2","reference_id":"GHSA-mmg8-87c5-jrc2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmg8-87c5-jrc2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110307?format=json","purl":"pkg:npm/parse-server@8.6.70","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.70"},{"url":"http://public2.vulnerablecode.io/api/packages/110306?format=json","purl":"pkg:npm/parse-server@9.7.0-alpha.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.0-alpha.16"}],"aliases":["CVE-2026-34595","GHSA-mmg8-87c5-jrc2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9jq-4te8-xkfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42637?format=json","vulnerability_id":"VCID-rede-vp9p-wyeq","summary":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nParse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24760","reference_id":"","reference_type":"","scores":[{"value":"0.75565","scoring_system":"epss","scoring_elements":"0.98915","published_at":"2026-06-09T12:55:00Z"},{"value":"0.75565","scoring_system":"epss","scoring_elements":"0.98918","published_at":"2026-06-06T12:55:00Z"},{"value":"0.75565","scoring_system":"epss","scoring_elements":"0.98917","published_at":"2026-06-07T12:55:00Z"},{"value":"0.75565","scoring_system":"epss","scoring_elements":"0.98916","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24760"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/886bfd7cac69496e3f73d4bb536f0eec3cba0e4d","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:33Z/"}],"url":"https://github.com/parse-community/parse-server/commit/886bfd7cac69496e3f73d4bb536f0eec3cba0e4d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24760","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24760"},{"reference_url":"https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099"},{"reference_url":"https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099/","reference_id":"ac24b343-e7da-4bc7-ab38-4f4f5cc9d099","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:33Z/"}],"url":"https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099/"},{"reference_url":"https://github.com/advisories/GHSA-p6h4-93qp-jhcm","reference_id":"GHSA-p6h4-93qp-jhcm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p6h4-93qp-jhcm"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-p6h4-93qp-jhcm","reference_id":"GHSA-p6h4-93qp-jhcm","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:33Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-p6h4-93qp-jhcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60961?format=json","purl":"pkg:npm/parse-server@4.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.7"}],"aliases":["CVE-2022-24760","GHSA-p6h4-93qp-jhcm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rede-vp9p-wyeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89092?format=json","vulnerability_id":"VCID-sd7z-5aa7-f7aw","summary":"Parse Server has a login timing side-channel reveals user existence\n### Impact\n\nThe login endpoint response time differs measurably depending on whether the submitted username or email exists in the database. When a user is not found, the server responds immediately. When a user exists but the password is wrong, a bcrypt comparison runs first, adding significant latency. This timing difference allows an unauthenticated attacker to enumerate valid usernames.\n\n### Patches\n\nA dummy bcrypt comparison is now performed when no user is found, normalizing response timing regardless of user existence. Additionally, accounts without a stored password (e.g. OAuth-only) now also run a dummy comparison to prevent the same timing oracle.\n\n### Workarounds\n\nConfigure rate limiting on the login endpoint to slow automated enumeration. This reduces throughput but does not eliminate the timing signal for individual requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39321","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08988","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08966","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08939","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08985","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09005","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39321"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10398","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T18:44:58Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10398"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10399","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T18:44:58Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10399"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-mmpq-5hcv-hf2v","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T18:44:58Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-mmpq-5hcv-hf2v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39321","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39321"},{"reference_url":"https://github.com/advisories/GHSA-mmpq-5hcv-hf2v","reference_id":"GHSA-mmpq-5hcv-hf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmpq-5hcv-hf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110119?format=json","purl":"pkg:npm/parse-server@8.6.74","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.74"},{"url":"http://public2.vulnerablecode.io/api/packages/110118?format=json","purl":"pkg:npm/parse-server@9.8.0-alpha.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.8.0-alpha.6"}],"aliases":["CVE-2026-39321","GHSA-mmpq-5hcv-hf2v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sd7z-5aa7-f7aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108997?format=json","vulnerability_id":"VCID-sdps-4hhb-ebfw","summary":"Parse Server vulnerable to brute force guessing of user sensitive data via search patterns\n### Impact\n\nInternal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server from query results and are only returned to the client using a valid master key. However, using query constraints, these fields can be guessed by enumerating until Parse Server returns a response object.\n\n### Patches\n\nThe patch requires the master key to use internal and protected fields as query constraints.\n\n### Workarounds\n\nImplement a Parse Cloud Trigger `beforeFind` and manually remove the query constraints, such as:\n\n```js\nParse.Cloud.beforeFind('TestObject', ({ query }) => {\n  for (const key in query._where || []) {\n    // Repeat logic for protected fields\n    if (key.charAt(0) === '_') {\n      delete query._where[key];\n    }\n  }\n});\n```\n\n### References\n\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-2m6g-crv8-p3c6","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36079","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69696","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69746","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69725","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69735","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69744","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69736","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36079"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/634c44acd18f6ee6ec60fac89a2b602d92799bec","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/commit/634c44acd18f6ee6ec60fac89a2b602d92799bec"},{"reference_url":"https://github.com/parse-community/parse-server/commit/e39d51bd329cd978589983bd659db46e1d45aad4","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/commit/e39d51bd329cd978589983bd659db46e1d45aad4"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8143","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8143"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8144","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8144"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.14","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.14"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.2.5","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.2.5"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2m6g-crv8-p3c6","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2m6g-crv8-p3c6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36079","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36079"},{"reference_url":"https://github.com/advisories/GHSA-2m6g-crv8-p3c6","reference_id":"GHSA-2m6g-crv8-p3c6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2m6g-crv8-p3c6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145419?format=json","purl":"pkg:npm/parse-server@4.10.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.14"},{"url":"http://public2.vulnerablecode.io/api/packages/145420?format=json","purl":"pkg:npm/parse-server@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.5"}],"aliases":["CVE-2022-36079","GHSA-2m6g-crv8-p3c6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdps-4hhb-ebfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50768?format=json","vulnerability_id":"VCID-shyz-tw66-b3gv","summary":"Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization\nThe file metadata endpoint (GET `/files/:appId/metadata/:filename`) does not enforce `beforeFind` / `afterFind` file triggers. When these triggers are used as access-control gates, the metadata endpoint bypasses them entirely, allowing unauthorized access to file metadata.\n\nThis affects any deployment that relies on `Parse.Cloud.beforeFind(Parse.File, ...)` to restrict file access. Only file metadata (user-defined key-value pairs set via addMetadata) is exposed; file content remains protected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30850","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06154","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06131","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06108","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06159","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06171","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30850"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30850","reference_id":"CVE-2026-30850","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30850"},{"reference_url":"https://github.com/advisories/GHSA-hwx8-q9cg-mqmc","reference_id":"GHSA-hwx8-q9cg-mqmc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hwx8-q9cg-mqmc"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-hwx8-q9cg-mqmc","reference_id":"GHSA-hwx8-q9cg-mqmc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T17:38:46Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-hwx8-q9cg-mqmc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74559?format=json","purl":"pkg:npm/parse-server@8.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.9"},{"url":"http://public2.vulnerablecode.io/api/packages/74560?format=json","purl":"pkg:npm/parse-server@9.5.0-alpha.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fdvb-gy4j-6qcn"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.9"}],"aliases":["CVE-2026-30850","GHSA-hwx8-q9cg-mqmc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shyz-tw66-b3gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41170?format=json","vulnerability_id":"VCID-syb7-kvv3-47gm","summary":"Generation of Error Message Containing Sensitive Information\nparse-server before 3.6.0 allows account enumeration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1020013","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46242","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46207","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46195","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46222","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46172","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4624","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1020013"},{"reference_url":"https://github.com/parse-community/parse-server/commit/73b0f9a339b81f5d757725dc557955a7b670a3ec","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/73b0f9a339b81f5d757725dc557955a7b670a3ec"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-PARSESERVER-455637","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-PARSESERVER-455637"},{"reference_url":"https://www.npmjs.com/advisories/1114","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1114"},{"reference_url":"https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)#Description_of_the_Issue","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)#Description_of_the_Issue"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1020013","reference_id":"CVE-2019-1020013","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1020013"},{"reference_url":"https://github.com/advisories/GHSA-8w3j-g983-8jh5","reference_id":"GHSA-8w3j-g983-8jh5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w3j-g983-8jh5"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5","reference_id":"GHSA-8w3j-g983-8jh5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58313?format=json","purl":"pkg:npm/parse-server@3.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-2sjs-7xx9-g3ej"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-b4yy-2spz-mfdc"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-dews-z3yj-z7a4"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-et7n-g719-z3cc"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gje7-sy9t-pbcz"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-vqqp-ywsb-bbhv"},{"vulnerability":"VCID-vvhm-y6vy-eydm"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@3.6.0"}],"aliases":["CVE-2019-1020013","GHSA-8w3j-g983-8jh5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-syb7-kvv3-47gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91876?format=json","vulnerability_id":"VCID-twrs-rk3t-f3gf","summary":"Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries\n### Impact\n\nAn attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter (e.g. `;charset=utf-8`) to the `Content-Type` header. This causes the extension validation to fail matching against the blocklist, allowing active content to be stored and served under the application's domain. In addition, certain XML-based file extensions that can render scripts in web browsers are not included in the default blocklist.\n\nThis can lead to stored XSS attacks, compromising session tokens, user credentials, or other sensitive data accessible via the browser's local storage.\n\n### Patches\n\nThe fix strips MIME parameters from the `Content-Type` header before validating the file extension against the blocklist. The default blocklist has also been extended to include additional XML-based extensions (`xsd`, `rng`, `rdf`, `rdf+xml`, `owl`, `mathml`, `mathml+xml`) that can render active content in web browsers.\n\nNote that the `fileUpload.fileExtensions` option is intended to be configured as an allowlist of file extensions that are valid for a specific application, not as a denylist. The default denylist is provided only as a basic default that covers most common problematic extensions. It is not intended to be an exhaustive list of all potentially dangerous extensions. Developers should not rely on the default value, as new extensions that can render active content in browsers might emerge in the future.\n\n### Workarounds\n\nConfigure the `fileUpload.fileExtensions` option to use an allowlist of only the file extensions that your application needs, rather than relying on the default blocklist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32728","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02886","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02792","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02825","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02841","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02894","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32728"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/4f53ab3cad5502a51a509d53f999e00ff7217b8d","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:03:38Z/"}],"url":"https://github.com/parse-community/parse-server/commit/4f53ab3cad5502a51a509d53f999e00ff7217b8d"},{"reference_url":"https://github.com/parse-community/parse-server/commit/c7599c577a02b97eb5e76d4e20517b0283ae73c8","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:03:38Z/"}],"url":"https://github.com/parse-community/parse-server/commit/c7599c577a02b97eb5e76d4e20517b0283ae73c8"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10191","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:03:38Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10191"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10192","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:03:38Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10192"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-42ph-pf9q-cr72","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:03:38Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-42ph-pf9q-cr72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32728","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32728"},{"reference_url":"https://github.com/advisories/GHSA-42ph-pf9q-cr72","reference_id":"GHSA-42ph-pf9q-cr72","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-42ph-pf9q-cr72"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114363?format=json","purl":"pkg:npm/parse-server@8.6.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.41"},{"url":"http://public2.vulnerablecode.io/api/packages/114360?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.15"}],"aliases":["CVE-2026-32728","GHSA-42ph-pf9q-cr72"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twrs-rk3t-f3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90937?format=json","vulnerability_id":"VCID-v5t3-r3mz-13gc","summary":"Parse Server's Session Update endpoint allows overwriting server-generated session fields\n### Impact\n\nAn authenticated user can overwrite server-generated session fields such as `expiresAt` and `createdWith` when updating their own session via the REST API. This allows bypassing the server's configured session lifetime policy, making a session effectively permanent.\n\n### Patches\n\nThe fix blocks authenticated users from setting `expiresAt` and `createdWith` fields when updating a session. Master key and maintenance key operations are not affected.\n\n### Workarounds\n\nThere is no known workaround other than upgrading.\n\n### Resources\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-jc39-686j-wp6q\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/pull/10263\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/pull/10264","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33527","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02652","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02551","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02585","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02655","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33527"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/26b628c8fb3cc79ea955374769eebcff6f8a8a73","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:36:32Z/"}],"url":"https://github.com/parse-community/parse-server/commit/26b628c8fb3cc79ea955374769eebcff6f8a8a73"},{"reference_url":"https://github.com/parse-community/parse-server/commit/ea68fc0b22a6056c9675149469ff57817f7cf984","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:36:32Z/"}],"url":"https://github.com/parse-community/parse-server/commit/ea68fc0b22a6056c9675149469ff57817f7cf984"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10263","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:36:32Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10263"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10264","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:36:32Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10264"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-jc39-686j-wp6q","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T20:36:32Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-jc39-686j-wp6q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33527","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33527"},{"reference_url":"https://github.com/advisories/GHSA-jc39-686j-wp6q","reference_id":"GHSA-jc39-686j-wp6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc39-686j-wp6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112904?format=json","purl":"pkg:npm/parse-server@8.6.57","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.57"},{"url":"http://public2.vulnerablecode.io/api/packages/112903?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.48"}],"aliases":["CVE-2026-33527","GHSA-jc39-686j-wp6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5t3-r3mz-13gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110314?format=json","vulnerability_id":"VCID-v7yq-ntze-e3b1","summary":"Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks\n### Impact\n\nA compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option.\n\n### Patches\n\nImproved keyword detection.\n\n### Workarounds\n\nNone.\n\n### Collaborators\n\nMikhail Shcherbakov, Cristian-Alexandru Staicu and Musard Balliu working with Trend Micro Zero Day Initiative\n\n### References\n\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41879","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64568","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64619","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.6461","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64616","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64597","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64608","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41879"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8"},{"reference_url":"https://github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8305","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8305"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8306","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8306"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.20","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.20"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.3.3","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.3.3"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:47Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41879","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41879"},{"reference_url":"https://github.com/advisories/GHSA-93vw-8fm5-p2jf","reference_id":"GHSA-93vw-8fm5-p2jf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93vw-8fm5-p2jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148912?format=json","purl":"pkg:npm/parse-server@4.10.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.20"},{"url":"http://public2.vulnerablecode.io/api/packages/148913?format=json","purl":"pkg:npm/parse-server@5.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.3.3"}],"aliases":["CVE-2022-41879","GHSA-93vw-8fm5-p2jf","GMS-2022-6745"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7yq-ntze-e3b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41524?format=json","vulnerability_id":"VCID-vqqp-ywsb-bbhv","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nFor regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the `Parse.User` class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery payload.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41109","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58677","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58685","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58678","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58662","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58631","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41109"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/4ac4b7f71002ed4fbedbb901db1f6ed1e9ac5559","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/4ac4b7f71002ed4fbedbb901db1f6ed1e9ac5559"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.4"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7pr3-p5fm-8r9x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7pr3-p5fm-8r9x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41109","reference_id":"CVE-2021-41109","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41109"},{"reference_url":"https://github.com/advisories/GHSA-7pr3-p5fm-8r9x","reference_id":"GHSA-7pr3-p5fm-8r9x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7pr3-p5fm-8r9x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59182?format=json","purl":"pkg:npm/parse-server@4.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.4"}],"aliases":["CVE-2021-41109","GHSA-7pr3-p5fm-8r9x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqqp-ywsb-bbhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41331?format=json","vulnerability_id":"VCID-vvhm-y6vy-eydm","summary":"Improper Authentication\nParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously., when an anonymous user is first signed up using REST, the server creates session incorrectly. Particularly, the `authProvider` field in `_Session` class under `createdWith` shows the user logged in creating a password. If a developer later depends on the `createdWith` field to provide a different level of access between a password user and anonymous user, the server incorrectly classified the session type as being created with a `password`. The server does not currently use `createdWith` to make decisions about internal functions, so if a developer is not using `createdWith` directly, they are not affected. The vulnerability only affects users who depend on `createdWith` by using it directly. As a workaround, do not use the `createdWith` Session field to make decisions if one allows anonymous login.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39138","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44436","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44398","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44386","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44421","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44368","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44445","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39138"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/147bd9a3dc43391e92c36e05d5db860b04ca27db","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/147bd9a3dc43391e92c36e05d5db860b04ca27db"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.5.2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.5.2"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39138","reference_id":"CVE-2021-39138","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39138"},{"reference_url":"https://github.com/advisories/GHSA-23r4-5mxp-c7g5","reference_id":"GHSA-23r4-5mxp-c7g5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-23r4-5mxp-c7g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58726?format=json","purl":"pkg:npm/parse-server@4.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-e17g-g7qf-87fm"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gje7-sy9t-pbcz"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-vqqp-ywsb-bbhv"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58941?format=json","purl":"pkg:npm/parse-server@4.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-2h23-n9we-rbdj"},{"vulnerability":"VCID-3aau-zxk4-muaq"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5jge-ymnm-dkgy"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6n48-nv1g-6uc2"},{"vulnerability":"VCID-6r8m-wpe8-xfhq"},{"vulnerability":"VCID-7ne4-7a82-9yfx"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-9zya-mcv5-s7g8"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-avfq-2nfn-fkdw"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-bgdt-2pkg-rbaj"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-d13k-gc2w-7yc1"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-fuju-xn2f-73a6"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gje7-sy9t-pbcz"},{"vulnerability":"VCID-gkng-gbtu-hkc1"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-k86f-a3gq-hbbv"},{"vulnerability":"VCID-k91x-3e4k-8bef"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-msej-ykyc-qyhp"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pb34-8r9n-63ac"},{"vulnerability":"VCID-pr98-q3e2-tydx"},{"vulnerability":"VCID-pt5h-ubds-5bah"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-rede-vp9p-wyeq"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-sdps-4hhb-ebfw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-v7yq-ntze-e3b1"},{"vulnerability":"VCID-vqqp-ywsb-bbhv"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-z7cb-6ruj-4bf2"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.5.2"}],"aliases":["CVE-2021-39138","GHSA-23r4-5mxp-c7g5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvhm-y6vy-eydm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90067?format=json","vulnerability_id":"VCID-w48t-hex5-qkcs","summary":"Parser Server's streaming file download bypasses afterFind file trigger authorization\n### Impact\n\nFile downloads via HTTP Range requests bypass the `afterFind(Parse.File)` trigger and its validators on storage adapters that support streaming (e.g. the default GridFS adapter). This allows access to files that should be protected by `afterFind` trigger authorization logic or built-in validators such as `requireUser`.\n\n### Patches\n\nThe streaming file download path now executes the `afterFind(Parse.File)` trigger before sending any data. Authentication is resolved from the session token header so that trigger validators can distinguish authenticated from unauthenticated requests.\n\n### Workarounds\n\nUse `beforeFind(Parse.File)` instead of `afterFind(Parse.File)` for file access authorization. The `beforeFind` trigger runs on all download paths including streaming.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34784","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03611","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03924","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03909","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03937","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03624","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34784"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/053109b3ee71815bc39ed84116c108ff9edbf337","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:31Z/"}],"url":"https://github.com/parse-community/parse-server/commit/053109b3ee71815bc39ed84116c108ff9edbf337"},{"reference_url":"https://github.com/parse-community/parse-server/commit/a0b0c69fc44f87f80d793d257344e7dcbf676e22","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:31Z/"}],"url":"https://github.com/parse-community/parse-server/commit/a0b0c69fc44f87f80d793d257344e7dcbf676e22"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10361","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:31Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10361"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10362","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:31Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10362"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-hpm8-9qx6-jvwv","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:31Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-hpm8-9qx6-jvwv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34784","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34784"},{"reference_url":"https://github.com/advisories/GHSA-hpm8-9qx6-jvwv","reference_id":"GHSA-hpm8-9qx6-jvwv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hpm8-9qx6-jvwv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111315?format=json","purl":"pkg:npm/parse-server@8.6.71","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.71"},{"url":"http://public2.vulnerablecode.io/api/packages/111314?format=json","purl":"pkg:npm/parse-server@9.7.1-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.1-alpha.1"}],"aliases":["CVE-2026-34784","GHSA-hpm8-9qx6-jvwv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w48t-hex5-qkcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50739?format=json","vulnerability_id":"VCID-w51h-8rx9-5yaw","summary":"parse-server's endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user\nThe `readOnlyMasterKey` can call `POST /loginAs` to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary users with full read and write access to their data. Any Parse Server deployment that uses `readOnlyMasterKey` is affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30229","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07188","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07166","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07145","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07202","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07196","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30229"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.6","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:29:01Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.6"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.4","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:29:01Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30229","reference_id":"CVE-2026-30229","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30229"},{"reference_url":"https://github.com/advisories/GHSA-79wj-8rqv-jvp5","reference_id":"GHSA-79wj-8rqv-jvp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-79wj-8rqv-jvp5"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-79wj-8rqv-jvp5","reference_id":"GHSA-79wj-8rqv-jvp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:29:01Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-79wj-8rqv-jvp5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74524?format=json","purl":"pkg:npm/parse-server@8.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.6"},{"url":"http://public2.vulnerablecode.io/api/packages/74525?format=json","purl":"pkg:npm/parse-server@9.5.0-alpha.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fdvb-gy4j-6qcn"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.4"}],"aliases":["CVE-2026-30229","GHSA-79wj-8rqv-jvp5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w51h-8rx9-5yaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50869?format=json","vulnerability_id":"VCID-wazt-mb6n-dudq","summary":"Parse Server has a protected fields bypass via logical query operators\nThe validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed entirely. This allows any authenticated user to query on protected fields to extract field values.\n\nAll Parse Server deployments have default protected fields and are vulnerable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30962","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14471","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14595","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14592","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14494","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14555","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30962"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.19","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:28:30Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.19"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.6","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:28:30Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30962","reference_id":"CVE-2026-30962","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30962"},{"reference_url":"https://github.com/advisories/GHSA-72hp-qff8-4pvv","reference_id":"GHSA-72hp-qff8-4pvv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72hp-qff8-4pvv"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-72hp-qff8-4pvv","reference_id":"GHSA-72hp-qff8-4pvv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:28:30Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-72hp-qff8-4pvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74819?format=json","purl":"pkg:npm/parse-server@8.6.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.19"},{"url":"http://public2.vulnerablecode.io/api/packages/74818?format=json","purl":"pkg:npm/parse-server@9.5.2-alpha.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.6"}],"aliases":["CVE-2026-30962","GHSA-72hp-qff8-4pvv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wazt-mb6n-dudq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50909?format=json","vulnerability_id":"VCID-wh63-a1pu-c3g2","summary":"Parse Server: Account takeover via operator injection in authentication data identifier\nAn unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier (e.g. anonymous authentication). By sending a crafted login request, the attacker can cause the server to perform a pattern-matching query instead of an exact-match lookup, allowing the attacker to match an existing user and obtain a valid session token for that user's account. Both MongoDB and PostgreSQL database backends are affected. Any Parse Server deployment that allows anonymous authentication (enabled by default) is vulnerable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32248","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27246","published_at":"2026-06-08T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27296","published_at":"2026-06-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27336","published_at":"2026-06-06T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27255","published_at":"2026-06-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27386","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32248"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/8.6.38","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-13T16:17:01Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.38"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.12","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-13T16:17:01Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32248","reference_id":"CVE-2026-32248","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32248"},{"reference_url":"https://github.com/advisories/GHSA-5fw2-8jcv-xh87","reference_id":"GHSA-5fw2-8jcv-xh87","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fw2-8jcv-xh87"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5fw2-8jcv-xh87","reference_id":"GHSA-5fw2-8jcv-xh87","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-13T16:17:01Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-5fw2-8jcv-xh87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74866?format=json","purl":"pkg:npm/parse-server@8.6.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.38"},{"url":"http://public2.vulnerablecode.io/api/packages/74865?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.12"}],"aliases":["CVE-2026-32248","GHSA-5fw2-8jcv-xh87"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wh63-a1pu-c3g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48370?format=json","vulnerability_id":"VCID-wu9b-cdwh-mka2","summary":"Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details\nThe MongoDB `explain()` method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes:\n\n- Database schema structure and field names\n- Index configurations and query optimization details\n- Query execution statistics and performance metrics\n- Potential attack vectors for database performance exploitation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64502","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2704","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30287","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30271","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30332","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30303","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64502"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/4456b02280c2d8dd58b7250e9e67f1a8647b3452","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-12T17:36:05Z/"}],"url":"https://github.com/parse-community/parse-server/commit/4456b02280c2d8dd58b7250e9e67f1a8647b3452"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9890","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-12T17:36:05Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9890"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64502","reference_id":"CVE-2025-64502","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64502"},{"reference_url":"https://github.com/advisories/GHSA-7cx5-254x-cgrq","reference_id":"GHSA-7cx5-254x-cgrq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cx5-254x-cgrq"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7cx5-254x-cgrq","reference_id":"GHSA-7cx5-254x-cgrq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-12T17:36:05Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7cx5-254x-cgrq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71397?format=json","purl":"pkg:npm/parse-server@8.5.0-alpha.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.5.0-alpha.5"}],"aliases":["CVE-2025-64502","GHSA-7cx5-254x-cgrq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wu9b-cdwh-mka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90890?format=json","vulnerability_id":"VCID-ww53-ctcz-r7bp","summary":"Parse Server crash via deeply nested query condition operators\n### Impact\n\nAn unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server and denies service to all connected clients.\n\n### Patches\n\nA depth limit for query condition operator nesting has been added via the `requestComplexity.queryDepth` server option. The option is disabled by default to avoid a breaking change. To mitigate, upgrade and set the option to a value appropriate for your app.\n\n### Workarounds\n\nNone.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32944","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05612","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05558","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05599","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05597","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32944"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10202","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:56:21Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10202"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10203","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:56:21Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10203"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9xp9-j92r-p88v","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T16:56:21Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9xp9-j92r-p88v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32944","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32944"},{"reference_url":"https://github.com/advisories/GHSA-9xp9-j92r-p88v","reference_id":"GHSA-9xp9-j92r-p88v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xp9-j92r-p88v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112786?format=json","purl":"pkg:npm/parse-server@8.6.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.45"},{"url":"http://public2.vulnerablecode.io/api/packages/112784?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.21"}],"aliases":["CVE-2026-32944","GHSA-9xp9-j92r-p88v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww53-ctcz-r7bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91753?format=json","vulnerability_id":"VCID-xpuh-u9nt-m7dt","summary":"Parse Server has a protected field change detection oracle via LiveQuery watch parameter\n### Impact\n\nAn attacker can subscribe to LiveQuery with a `watch` parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolean protected fields, the timing of change events is equivalent to knowing the field value.\n\n### Patches\n\nThe `watch` parameter is now validated against protected fields at subscription time, mirroring the existing validation for the `where` clause. Subscriptions that include protected fields in `watch` are rejected with a permission error. Master key connections are exempt.\n\n### Workarounds\n\nNone.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33429","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03102","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03033","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03051","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03092","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02999","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33429"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/0c0a0a5a37ca821d2553119f2cb3be35322eda4b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:33:05Z/"}],"url":"https://github.com/parse-community/parse-server/commit/0c0a0a5a37ca821d2553119f2cb3be35322eda4b"},{"reference_url":"https://github.com/parse-community/parse-server/commit/c62eacaf38de86913f09240583448360b1cc8e67","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:33:05Z/"}],"url":"https://github.com/parse-community/parse-server/commit/c62eacaf38de86913f09240583448360b1cc8e67"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10253","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:33:05Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10253"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10254","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:33:05Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10254"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-qpc3-fg4j-8hgm","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:33:05Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-qpc3-fg4j-8hgm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33429","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33429"},{"reference_url":"https://github.com/advisories/GHSA-qpc3-fg4j-8hgm","reference_id":"GHSA-qpc3-fg4j-8hgm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpc3-fg4j-8hgm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114088?format=json","purl":"pkg:npm/parse-server@8.6.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.54"},{"url":"http://public2.vulnerablecode.io/api/packages/74558?format=json","purl":"pkg:npm/parse-server@9.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-shyz-tw66-b3gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114087?format=json","purl":"pkg:npm/parse-server@9.6.0-alpha.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.43"}],"aliases":["CVE-2026-33429","GHSA-qpc3-fg4j-8hgm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xpuh-u9nt-m7dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56959?format=json","vulnerability_id":"VCID-z7cb-6ruj-4bf2","summary":"Parse Server has an OAuth login vulnerability\nThe 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse Server apps. For example, if a user signed up using the same authentication provider in two unrelated Parse Server apps, the credentials stored by one app can be used to authenticate the same user in the other app. Note that this only affects Parse Server apps that specifically use an affected 3rd party authentication provider for user authentication, for example by setting the Parse Server option `auth` to configure a Parse Server authentication adapter. See the [3rd party authentication docs](https://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication) for more information on which authentication providers are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30168","reference_id":"","reference_type":"","scores":[{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41257","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41246","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41277","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41308","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41304","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30168"},{"reference_url":"https://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:12:30Z/"}],"url":"https://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/2ff9c71030bce3aada0a00fbceedeb7ae2c8a41e","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:12:30Z/"}],"url":"https://github.com/parse-community/parse-server/commit/2ff9c71030bce3aada0a00fbceedeb7ae2c8a41e"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5ef0440c8e763854e62341acaeb6dc4ade3ba82f","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:12:30Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5ef0440c8e763854e62341acaeb6dc4ade3ba82f"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9667","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:12:30Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9667"},{"reference_url":"https://github.com/parse-community/parse-server/pull/9668","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:12:30Z/"}],"url":"https://github.com/parse-community/parse-server/pull/9668"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30168","reference_id":"CVE-2025-30168","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30168"},{"reference_url":"https://github.com/advisories/GHSA-837q-jhwx-cmpv","reference_id":"GHSA-837q-jhwx-cmpv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-837q-jhwx-cmpv"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-837q-jhwx-cmpv","reference_id":"GHSA-837q-jhwx-cmpv","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:12:30Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-837q-jhwx-cmpv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84560?format=json","purl":"pkg:npm/parse-server@7.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/811427?format=json","purl":"pkg:npm/parse-server@8.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/84561?format=json","purl":"pkg:npm/parse-server@8.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j65-rdzh-6bc3"},{"vulnerability":"VCID-3pbu-nwcc-hydn"},{"vulnerability":"VCID-4geq-pnnp-3fd8"},{"vulnerability":"VCID-51jb-xry5-5qc2"},{"vulnerability":"VCID-5cyt-1hbn-pkgb"},{"vulnerability":"VCID-5j87-2q5c-cqdf"},{"vulnerability":"VCID-5tkj-suz2-hyf2"},{"vulnerability":"VCID-5tn5-f5x6-afbh"},{"vulnerability":"VCID-5web-hc9c-kbhe"},{"vulnerability":"VCID-67gc-6w6e-rkcg"},{"vulnerability":"VCID-6bmy-ymay-zfdm"},{"vulnerability":"VCID-6f3m-zdr1-sqf7"},{"vulnerability":"VCID-7spb-rcbx-w7gn"},{"vulnerability":"VCID-7xk3-yn6w-nfd1"},{"vulnerability":"VCID-82fj-6jd2-hqc1"},{"vulnerability":"VCID-8d4r-sv2m-hqhe"},{"vulnerability":"VCID-8gsh-j1b9-3bew"},{"vulnerability":"VCID-8xmh-99mq-ybbf"},{"vulnerability":"VCID-8zde-nj53-ebhu"},{"vulnerability":"VCID-9fqm-a5xk-j7d5"},{"vulnerability":"VCID-9kyv-xmvr-nfgf"},{"vulnerability":"VCID-agc3-jfsf-kbhh"},{"vulnerability":"VCID-au5b-pexg-tubt"},{"vulnerability":"VCID-b3ks-95ke-m7dz"},{"vulnerability":"VCID-c1nt-b6by-m7hu"},{"vulnerability":"VCID-caaw-qhvr-nqaz"},{"vulnerability":"VCID-crd1-u2dd-6yh2"},{"vulnerability":"VCID-cuaf-2g3g-tuap"},{"vulnerability":"VCID-cuct-x9ub-1bd9"},{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-dazy-p9qb-7qgk"},{"vulnerability":"VCID-eh2m-7t9f-tqdm"},{"vulnerability":"VCID-f6mm-th5w-fug4"},{"vulnerability":"VCID-faws-rh1j-tba1"},{"vulnerability":"VCID-fnb8-edpu-e3e3"},{"vulnerability":"VCID-g9mj-kud1-d7a3"},{"vulnerability":"VCID-gzbr-zm1b-nkfc"},{"vulnerability":"VCID-h8hu-n8dv-ybhy"},{"vulnerability":"VCID-h8ut-tkq6-r7e2"},{"vulnerability":"VCID-j6q8-5bxf-7fcf"},{"vulnerability":"VCID-j9vu-d52s-ekgq"},{"vulnerability":"VCID-jnuv-zhzb-nygr"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-kpnd-nb3e-2ufx"},{"vulnerability":"VCID-m9r5-g4pw-q7cx"},{"vulnerability":"VCID-mpu4-c9v9-wbdd"},{"vulnerability":"VCID-n19y-uwm6-3udp"},{"vulnerability":"VCID-n514-mj64-wkfb"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-nnat-huec-buht"},{"vulnerability":"VCID-nqnd-8hx6-5bh4"},{"vulnerability":"VCID-p1jm-h97h-vkhv"},{"vulnerability":"VCID-p27e-zbjb-ebbh"},{"vulnerability":"VCID-p34v-j1s6-a7hn"},{"vulnerability":"VCID-pwb4-41pr-6kfs"},{"vulnerability":"VCID-q8xg-vs4w-d7g7"},{"vulnerability":"VCID-qbz7-9nkp-xfew"},{"vulnerability":"VCID-qupn-1ytd-tkae"},{"vulnerability":"VCID-r432-uepe-vuah"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-shyz-tw66-b3gv"},{"vulnerability":"VCID-twrs-rk3t-f3gf"},{"vulnerability":"VCID-v5t3-r3mz-13gc"},{"vulnerability":"VCID-w48t-hex5-qkcs"},{"vulnerability":"VCID-w51h-8rx9-5yaw"},{"vulnerability":"VCID-wazt-mb6n-dudq"},{"vulnerability":"VCID-wh63-a1pu-c3g2"},{"vulnerability":"VCID-wu9b-cdwh-mka2"},{"vulnerability":"VCID-ww53-ctcz-r7bp"},{"vulnerability":"VCID-xpuh-u9nt-m7dt"},{"vulnerability":"VCID-y8w7-v5cd-a3en"},{"vulnerability":"VCID-ze79-p1vg-47fx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.0.2"}],"aliases":["CVE-2025-30168","GHSA-837q-jhwx-cmpv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7cb-6ruj-4bf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91083?format=json","vulnerability_id":"VCID-ze79-p1vg-47fx","summary":"parse-server has GraphQL complexity validator exponential fragment traversal DoS\n### Impact\n\nThe GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads. A single unauthenticated request can block the Node.js event loop for seconds, denying service to all concurrent users. This only affects deployments that have enabled the `requestComplexity.graphQLDepth` or `requestComplexity.graphQLFields` configuration options.\n\n### Patches\n\nThe fix replaces the per-branch fragment traversal with memoized fragment computation, reducing the traversal from exponential O(2^N) to linear O(N) time. Additionally, early termination aborts the traversal as soon as configured limits are exceeded.\n\n### Workarounds\n\nDisable GraphQL complexity limits by setting `requestComplexity.graphQLDepth` and `requestComplexity.graphQLFields` to `-1` (the default).\n\n### Resources\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-mfj6-6p54-m98c\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/pull/10344\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/pull/10345","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34573","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04954","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0494","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05287","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05247","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34573"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/ea15412795f34594cc8a674fe858d445675e0295","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:19Z/"}],"url":"https://github.com/parse-community/parse-server/commit/ea15412795f34594cc8a674fe858d445675e0295"},{"reference_url":"https://github.com/parse-community/parse-server/commit/f759bda075298ec44e2b4fb57659a0c56620483b","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:19Z/"}],"url":"https://github.com/parse-community/parse-server/commit/f759bda075298ec44e2b4fb57659a0c56620483b"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10344","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:19Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10344"},{"reference_url":"https://github.com/parse-community/parse-server/pull/10345","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:19Z/"}],"url":"https://github.com/parse-community/parse-server/pull/10345"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-mfj6-6p54-m98c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:19Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-mfj6-6p54-m98c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34573","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34573"},{"reference_url":"https://github.com/advisories/GHSA-mfj6-6p54-m98c","reference_id":"GHSA-mfj6-6p54-m98c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mfj6-6p54-m98c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113107?format=json","purl":"pkg:npm/parse-server@8.6.68","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.68"},{"url":"http://public2.vulnerablecode.io/api/packages/113106?format=json","purl":"pkg:npm/parse-server@9.7.0-alpha.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-davb-xyy3-2qf1"},{"vulnerability":"VCID-jsgf-t1ga-x7eq"},{"vulnerability":"VCID-kar5-6zet-aqad"},{"vulnerability":"VCID-n8kv-67nw-xbaw"},{"vulnerability":"VCID-r9jq-4te8-xkfb"},{"vulnerability":"VCID-sd7z-5aa7-f7aw"},{"vulnerability":"VCID-w48t-hex5-qkcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.7.0-alpha.12"}],"aliases":["CVE-2026-34573","GHSA-mfj6-6p54-m98c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ze79-p1vg-47fx"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@2.6.3"}