{"url":"http://public2.vulnerablecode.io/api/packages/443936?format=json","purl":"pkg:npm/parse-server@2.3.6","type":"npm","namespace":"","name":"parse-server","version":"2.3.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.4","latest_non_vulnerable_version":"9.9.1-alpha.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/343778?format=json","vulnerability_id":"VCID-4r23-ja36-nbap","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41109","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58744","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41109"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/4ac4b7f71002ed4fbedbb901db1f6ed1e9ac5559","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/4ac4b7f71002ed4fbedbb901db1f6ed1e9ac5559"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.4"},{"r
eference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7pr3-p5fm-8r9x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-7pr3-p5fm-8r9x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41109","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41109"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382537?format=json","purl":"pkg:npm/parse-server@4.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.4"}],"aliases":["CVE-2021-41109","GHSA-7pr3-p5fm-8r9x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r23-ja36-nbap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149879?format=json","vulnerability_id":"VCID-4xpa-t9ed-5kf1","summary":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. 
Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This allows circumventing the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. Correct IP address determination now requires setting the Parse Server option `trustProxy`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22474","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49284","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22474"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22474","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22474"},{"reference_url":"https://github.com/parse-community/parse-server/commit/e016d813e083ce6828f9abce245d15b681a224d8","reference_id":"e016d813e083ce6828f9abce245d15b681a224d8","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/U
I:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T17:36:20Z/"}],"url":"https://github.com/parse-community/parse-server/commit/e016d813e083ce6828f9abce245d15b681a224d8"},{"reference_url":"https://github.com/advisories/GHSA-vm5r-c87r-pf6x","reference_id":"GHSA-vm5r-c87r-pf6x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vm5r-c87r-pf6x"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vm5r-c87r-pf6x","reference_id":"GHSA-vm5r-c87r-pf6x","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T17:36:20Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-vm5r-c87r-pf6x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379975?format=json","purl":"pkg:npm/parse-server@5.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.4.1"}],"aliases":["CVE-2023-22474","GHSA-vm5r-c87r-pf6x","GMS-2023-196"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xpa-t9ed-5kf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/326437?format=json","vulnerability_id":"VCID-7kme-vrea-kudy","summary":"","references":[{"reference_url":"https://ap
i.first.org/data/v1/epss?cve=CVE-2020-26288","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37077","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26288"},{"reference_url":"https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.5.0","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.5.0"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26288","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26288"},{"reference_url":"https://www.npmjs.com/advisories/1593","reference_id":"","reference_type":""
,"scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1593"},{"reference_url":"https://www.npmjs.com/package/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/parse-server"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382087?format=json","purl":"pkg:npm/parse-server@4.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4r23-ja36-nbap"},{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-8b7x-1h3z-xkf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-ary2-1kn4-xqd1"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-bm62-x3gx-e7ee"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.5.0"}],"aliases":["CVE-2020-26288","GHSA-4w46-w44m-3jq3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kme-vrea-kudy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/342533?format=json","vulnerability_id":"VCID-8b7x-1h3z-xkf1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39138","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_s
ystem":"epss","scoring_elements":"0.44453","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39138"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/147bd9a3dc43391e92c36e05d5db860b04ca27db","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/147bd9a3dc43391e92c36e05d5db860b04ca27db"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.5.2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.5.2"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39138","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H
/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39138"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391514?format=json","purl":"pkg:npm/parse-server@4.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4r23-ja36-nbap"},{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-ary2-1kn4-xqd1"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-bm62-x3gx-e7ee"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/382531?format=json","purl":"pkg:npm/parse-server@4.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4r23-ja36-nbap"},{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-ary2-1kn4-xqd1"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.5.2"}],"aliases":["CVE-2021-39138","GHSA-23r4-5mxp-c7g5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerab
lecode.io/vulnerabilities/VCID-8b7x-1h3z-xkf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56097?format=json","vulnerability_id":"VCID-9njy-jn3z-wudh","summary":"parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27298","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54893","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27298"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.5.0","reference_id":"6.5.0","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.5.0"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20","reference_id":"7.0.0-alpha.20","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_sy
stem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20"},{"reference_url":"https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504","reference_id":"a6e654943536932904a69b51e513507fcf90a504","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504"},{"reference_url":"https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833","reference_id":"cbefe770a7260b54748a058b8a7389937dc35833","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27298","reference_id":"CVE-2024-27298","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scor
ing_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27298"},{"reference_url":"https://github.com/advisories/GHSA-6927-3vr9-fxf2","reference_id":"GHSA-6927-3vr9-fxf2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6927-3vr9-fxf2"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2","reference_id":"GHSA-6927-3vr9-fxf2","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-05T15:39:53Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29488?format=json","purl":"pkg:npm/parse-server@6.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/29485?format=json","purl":"pkg:npm/parse-server@7.0.0-alpha.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.0.0-alpha.20"}],"aliases":["CVE-2024-27298","GHSA-6927-3vr9-fxf2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vuln
erablecode.io/vulnerabilities/VCID-9njy-jn3z-wudh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166963?format=json","vulnerability_id":"VCID-aj2x-xafd-vfh8","summary":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server and are only returned to the client using a valid master key. However, using query constraints, these fields can be guessed by enumerating until Parse Server, prior to versions 4.10.14 or 5.2.5, returns a response object. The patch available in versions 4.10.14 and 5.2.5 requires the master key to use internal and protected fields as query constraints. As a workaround, implement a Parse Cloud Trigger `beforeFind` and manually remove the query constraints.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36079","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69804","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36079"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.14","reference_id":"4.10.14","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_element
s":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.14"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.2.5","reference_id":"5.2.5","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.2.5"},{"reference_url":"https://github.com/parse-community/parse-server/commit/634c44acd18f6ee6ec60fac89a2b602d92799bec","reference_id":"634c44acd18f6ee6ec60fac89a2b602d92799bec","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/commit/634c44acd18f6ee6ec60fac89a2b602d92799bec"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8143","reference_id":"8143","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8143"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8144","reference_id":"8144","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI
:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8144"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36079","reference_id":"CVE-2022-36079","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36079"},{"reference_url":"https://github.com/parse-community/parse-server/commit/e39d51bd329cd978589983bd659db46e1d45aad4","reference_id":"e39d51bd329cd978589983bd659db46e1d45aad4","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/commit/e39d51bd329cd978589983bd659db46e1d45aad4"},{"reference_url":"https://github.com/advisories/GHSA-2m6g-crv8-p3c6","reference_id":"GHSA-2m6g-crv8-p3c6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2m6g-crv8-p3c6"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2m6g-crv8-p3c6","reference_id":"GHSA-2m6g-crv8-p3c6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ss
vc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:01Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2m6g-crv8-p3c6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26586?format=json","purl":"pkg:npm/parse-server@4.10.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.14"},{"url":"http://public2.vulnerablecode.io/api/packages/26587?format=json","purl":"pkg:npm/parse-server@5.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.5"}],"aliases":["CVE-2022-36079","GHSA-2m6g-crv8-p3c6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aj2x-xafd-vfh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/342559?format=json","vulnerability_id":"VCID-ary2-1kn4-xqd1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39187","reference_id":"","reference_type":"","scores":[{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39187"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","ref
erence_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/308668c89474223e2448be92d6823b52c1c313ec","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/308668c89474223e2448be92d6823b52c1c313ec"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/4.10.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/releases/tag/4.10.3"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xqp8-w826-hh6x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-xqp8-w826-hh6x"},{"reference_url":"https://jira.mongodb.org/browse/NODE-3463","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jira.mongodb.org/browse/NODE-3463"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39187","reference_id":"","reference_type
":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39187"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382533?format=json","purl":"pkg:npm/parse-server@4.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4r23-ja36-nbap"},{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.3"}],"aliases":["CVE-2021-39187","GHSA-xqp8-w826-hh6x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ary2-1kn4-xqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132599?format=json","vulnerability_id":"VCID-bdwe-y1sa-6kbu","summary":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. 
This vulnerability has been patched in versions 5.5.6 and 6.3.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46119","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69064","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46119"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46119","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46119"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.5.6","reference_id":"5.5.6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.5.6"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.3.1","reference_id":"6.3.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/
E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.3.1"},{"reference_url":"https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe","reference_id":"686a9f282dc23c31beab3d93e6d21ccd0e1328fe","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe"},{"reference_url":"https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0","reference_id":"fd86278919556d3682e7e2c856dfccd5beffbfc0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0"},{"reference_url":"https://github.com/advisories/GHSA-792q-q67h-w579","reference_id":"GHSA-792q-q67h-w579","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-792q-q67h-w579"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579","reference_id":"GHSA-792q-q67h-w579","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:
M/D:T/2024-09-10T15:28:20Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379219?format=json","purl":"pkg:npm/parse-server@5.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/379220?format=json","purl":"pkg:npm/parse-server@6.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.3.1"}],"aliases":["CVE-2023-46119","GHSA-792q-q67h-w579"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdwe-y1sa-6kbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206493?format=json","vulnerability_id":"VCID-bfmz-51vx-pqfn","summary":"receiving subscription objects with deleted 
session","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15270","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48923","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15270"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15270","reference_id":"CVE-2020-15270","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15270"},{"reference_url":"https://github.com/advisories/GHSA-2xm2-xj2q-qgpj","reference_id":"GHSA-2xm2-xj2q-qgpj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xm2-xj2q-qgpj"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj","reference_id":"GHSA-2xm2-xj2q-qgpj","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","
scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17945?format=json","purl":"pkg:npm/parse-server@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4r23-ja36-nbap"},{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-7kme-vrea-kudy"},{"vulnerability":"VCID-8b7x-1h3z-xkf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-ary2-1kn4-xqd1"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-bm62-x3gx-e7ee"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.4.0"}],"aliases":["CVE-2020-15270","GHSA-2xm2-xj2q-qgpj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfmz-51vx-pqfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203770?format=json","vulnerability_id":"VCID-bmdm-k2jw-3uct","summary":"Parse Server before v3.4.1 vulnerable to Denial of 
Service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1020012","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1020012"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-PARSESERVER-455635","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-PARSESERVER-455635"},{"reference_url":"https://www.npmjs.com/advisories/1113","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1113"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1020012","reference_id":"CVE-2019-1020012","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1020012"},{"reference_url":"https://github.com/advisories/GHSA-2479-qvv7-47qq","reference_id":"GHSA-2479-qvv7-47qq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"v
alue":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2479-qvv7-47qq"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq","reference_id":"GHSA-2479-qvv7-47qq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15379?format=json","purl":"pkg:npm/parse-server@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4r23-ja36-nbap"},{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-7kme-vrea-kudy"},{"vulnerability":"VCID-8b7x-1h3z-xkf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-ary2-1kn4-xqd1"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-bfmz-51vx-pqfn"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-uhux-2d6p-53gk"},{"vulnerability":"VCID-v9yy-wdcx-u3b4"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@3.4.1"}],"aliases":["CVE-2019-1020012","GHSA-2479-qvv7-47qq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmdm-k2jw-3uct"},{"url":"http://public2.vulnerablecode.i
o/api/vulnerabilities/47940?format=json","vulnerability_id":"VCID-d328-5we4-ukhw","summary":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29027","reference_id":"","reference_type":"","scores":[{"value":"0.01895","scoring_system":"epss","scoring_elements":"0.83611","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29027"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b","reference_id":"5ae6d6a36d75c4511029f0ba5673ae4b2999179b","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5ae6d6a36d
75c4511029f0ba5673ae4b2999179b"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.5.5","reference_id":"6.5.5","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.5.5"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29","reference_id":"7.0.0-alpha.29","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29"},{"reference_url":"https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e","reference_id":"9f6e3429d3b326cf4e2994733c618d08032fac6e","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-se
rver/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29027","reference_id":"CVE-2024-29027","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29027"},{"reference_url":"https://github.com/advisories/GHSA-6hh7-46r2-vf29","reference_id":"GHSA-6hh7-46r2-vf29","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6hh7-46r2-vf29"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29","reference_id":"GHSA-6hh7-46r2-vf29","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-20T14:37:25Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29915?format=json","purl":"pkg:npm/parse-server@6.5.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/29914?format=json","purl":"pkg:npm/parse-server@7.0.0-alpha.29","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.0.0-alpha.29
"}],"aliases":["CVE-2024-29027","GHSA-6hh7-46r2-vf29"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d328-5we4-ukhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136500?format=json","vulnerability_id":"VCID-gw6r-w5c8-cqbj","summary":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36475","reference_id":"","reference_type":"","scores":[{"value":"0.09829","scoring_system":"epss","scoring_elements":"0.93148","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36475"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36475","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36475"},{"reference_url":"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90","reference_id":"3dd99dd80e27e5e1d99b42844180546d90c7aa90","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":
"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.5.2","reference_id":"5.5.2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.5.2"},{"reference_url":"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f","reference_id":"5fad2928fb8ee17304abcdcf259932f827d8c81f","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.2.1","reference_id":"6.2.1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.2.1"},{"reference_url":"https://github.com/par
se-community/parse-server/issues/8674","reference_id":"8674","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8674"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8675","reference_id":"8675","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8675"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6","reference_id":"GHSA-462x-c3jw-7vr6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T14:43:51Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381820?format=json","purl":"pkg:npm/parse-server@5.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-jxjb-5kb4-5yah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.5.2"},{"url":"http:
//public2.vulnerablecode.io/api/packages/636834?format=json","purl":"pkg:npm/parse-server@6.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/381821?format=json","purl":"pkg:npm/parse-server@6.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-jxjb-5kb4-5yah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/636839?format=json","purl":"pkg:npm/parse-server@6.3.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.3.0-alpha.1"}],"aliases":["CVE-2023-36475","GHSA-462x-c3jw-7vr6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gw6r-w5c8-cqbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147164?format=json","vulnerability_id":"VCID-jxjb-5kb4-5yah","summary":"Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the incoming query. The vulnerability has been fixed by refactoring the internal query pipeline for a more concise code structure and implementing a patch to ensure the `beforeFind` trigger is invoked. 
This fix was introduced in commit `be4c7e23c6` and has been included in releases 6.2.2 and 5.5.5. Users are advised to upgrade. Users unable to upgrade should make use of parse server's security layers to manage access levels with Class-Level Permissions and Object-Level Access Control that should be used instead of custom security layers in Cloud Code triggers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41058","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.5053","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41058"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41058","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41058"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.5.5","reference_id":"5.5.5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.5.5"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/6.2.2","refe
rence_id":"6.2.2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/6.2.2"},{"reference_url":"https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5","reference_id":"be4c7e23c63a2fb690685665cebed0de26be05c5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5"},{"reference_url":"https://github.com/advisories/GHSA-fcv6-fg5r-jm9q","reference_id":"GHSA-fcv6-fg5r-jm9q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fcv6-fg5r-jm9q"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q","reference_id":"GHSA-fcv6-fg5r-jm9q","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q"},{"reference_url":"https://docs.parseplatform.org/parse-server/guide/#security","reference_id":"#security","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scori
ng_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:38Z/"}],"url":"https://docs.parseplatform.org/parse-server/guide/#security"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379769?format=json","purl":"pkg:npm/parse-server@5.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/636834?format=json","purl":"pkg:npm/parse-server@6.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379770?format=json","purl":"pkg:npm/parse-server@6.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/636839?format=json","purl":"pkg:npm/parse-server@6.3.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.3.0-alpha.1"}],"aliases":["CVE-2023-41058","GHSA-fcv6-fg5r-jm9q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VC
ID-jxjb-5kb4-5yah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167469?format=json","vulnerability_id":"VCID-jyc1-8j12-4feb","summary":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter is not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.10.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. 
There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31083","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38731","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31083"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8054","reference_id":"8054","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scor
ing_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/"}],"url":"https://github.com/parse-community/parse-server/pull/8054"},{"reference_url":"https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1","reference_id":"ba2b0a9cb9a568817a114b132a4c2e0911d76df1","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/"}],"url":"https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31083","reference_id":"CVE-2022-31083","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31083"},{"reference_url":"https://github.com/advisories/GHSA-rh9j-f5f8-rvgc","reference_id":"GHSA-rh9j-f5f8-rvgc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rh9j-f5f8-rvgc"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc","reference_id":"GHSA-rh9j-f5f8-rvgc","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/"}],"url":"https://github.com/parse-com
munity/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc"},{"reference_url":"https://developer.apple.com/news/?id=stttq465","reference_id":"?id=stttq465","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/"}],"url":"https://developer.apple.com/news/?id=stttq465"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24838?format=json","purl":"pkg:npm/parse-server@4.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.11"},{"url":"http://public2.vulnerablecode.io/api/packages/573711?format=json","purl":"pkg:npm/parse-server@5.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/24839?format=json","purl":"pkg:npm/parse-server@5.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-v
fh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/573712?format=json","purl":"pkg:npm/parse-server@5.3.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.3.0-alpha.1"}],"aliases":["CVE-2022-31083","GHSA-rh9j-f5f8-rvgc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jyc1-8j12-4feb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173541?format=json","vulnerability_id":"VCID-n5a3-fvug-y3hj","summary":"Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. 
The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24901","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35295","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24901"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/af4a0417a9f3c1e99b3793806b4b18e04d9fa999","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/af4a0417a9f3c1e99b3793806b4b18e04d9fa999"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24901","reference_id":"CVE-2022-24901","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24901"},{"reference_url":"https://github.com/advisories/GHSA-qf8x-vqjv-92gr","reference_id":"GHSA-qf8x-vqjv-92gr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qf8x-vqjv-92gr"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-q
f8x-vqjv-92gr","reference_id":"GHSA-qf8x-vqjv-92gr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:08Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20750?format=json","purl":"pkg:npm/parse-server@4.10.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.10"},{"url":"http://public2.vulnerablecode.io/api/packages/20752?format=json","purl":"pkg:npm/parse-server@5.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.1"}],"aliases":["CVE-2022-24901","GHSA-qf8x-vqjv-92gr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resour
ce_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5a3-fvug-y3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167426?format=json","vulnerability_id":"VCID-tqhw-rwa6-4yhk","summary":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31112","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69804","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31112"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://github.com/parse-community/parse-server/commit/054f3e6ab01d66a0dcfb77725af28eac1485b375","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/054f3e6ab01d66a0dcfb77725af28eac1485b375"},{"reference_url":"https://github.com/parse-community/parse-server/commit/309f64ced8700321df056fb3cc97f15007a00df1","reference_id":"309f64ced8700321df056fb3cc97f15007a00df1","reference_type":"","scores":[{"value":"8.2","scoring_syst
em":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/commit/309f64ced8700321df056fb3cc97f15007a00df1"},{"reference_url":"https://github.com/parse-community/parse-server/releases/tag/5.2.4","reference_id":"5.2.4","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/releases/tag/5.2.4"},{"reference_url":"https://github.com/parse-community/parse-server/issues/8073","reference_id":"8073","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/issues/8073"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8074","reference_id":"8074","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/pull/8074"},{"reference_url":"https://github.com/parse-community/parse-server/commit/9fd4516cde5c742f9f2
9dd05468b4a43a85639a6","reference_id":"9fd4516cde5c742f9f29dd05468b4a43a85639a6","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/commit/9fd4516cde5c742f9f29dd05468b4a43a85639a6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31112","reference_id":"CVE-2022-31112","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31112"},{"reference_url":"https://github.com/advisories/GHSA-crrq-vr9j-fxxh","reference_id":"GHSA-crrq-vr9j-fxxh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crrq-vr9j-fxxh"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh","reference_id":"GHSA-crrq-vr9j-fxxh","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:41Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25236?format=json","purl":"pkg:npm/parse-server@4.10.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerabilit
y":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.13"},{"url":"http://public2.vulnerablecode.io/api/packages/573711?format=json","purl":"pkg:npm/parse-server@5.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/25238?format=json","purl":"pkg:npm/parse-server@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/573712?format=json","purl":"pkg:npm/parse-server@5.3.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnera
blecode.io/packages/pkg:npm/parse-server@5.3.0-alpha.1"}],"aliases":["CVE-2022-31112","GHSA-crrq-vr9j-fxxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tqhw-rwa6-4yhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204555?format=json","vulnerability_id":"VCID-uhux-2d6p-53gk","summary":"Information disclosure in parse-server","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5251","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54838","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5251"},{"reference_url":"https://github.com/parse-community/parse-server/commit/3a3a5eee5ffa48da1352423312cb767de14de269","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/3a3a5eee5ffa48da1352423312cb767de14de269"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5251","reference_id":"CVE-2020-5251","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5251"},{"reference_url":"https://github.com/advisories/GHSA-h4mf-75hf-67w4","reference_id":"GHSA-h4mf-75hf-67w4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4mf-75hf-67w4"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-h4mf-75hf-67w4","reference_id":"GHSA-h4mf-75hf-67w4","reference_type":"","score
s":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-h4mf-75hf-67w4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16214?format=json","purl":"pkg:npm/parse-server@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4r23-ja36-nbap"},{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-7crw-qbu4-vkd1"},{"vulnerability":"VCID-7kme-vrea-kudy"},{"vulnerability":"VCID-8b7x-1h3z-xkf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-ary2-1kn4-xqd1"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-bfmz-51vx-pqfn"},{"vulnerability":"VCID-bm62-x3gx-e7ee"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.1.0"}],"aliases":["CVE-2020-5251","GHSA-h4mf-75hf-67w4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uhux-2d6p-53gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203890?format=json","vulnerability_id":"VCID-v9yy-wdcx-u3b4","summary":"Sensitive Data Exposure in 
parse-server","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1020013","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46262","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1020013"},{"reference_url":"https://github.com/parse-community/parse-server/commit/73b0f9a339b81f5d757725dc557955a7b670a3ec","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/commit/73b0f9a339b81f5d757725dc557955a7b670a3ec"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-PARSESERVER-455637","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-PARSESERVER-455637"},{"reference_url":"https://www.npmjs.com/advisories/1114","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1114"},{"reference_url":"https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)#Description_of_the_Issue","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)#Description_of_the_
Issue"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1020013","reference_id":"CVE-2019-1020013","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1020013"},{"reference_url":"https://github.com/advisories/GHSA-8w3j-g983-8jh5","reference_id":"GHSA-8w3j-g983-8jh5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w3j-g983-8jh5"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5","reference_id":"GHSA-8w3j-g983-8jh5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15459?format=json","purl":"pkg:npm/parse-server@3.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4r23-ja36-nbap"},{"vulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-7crw-qbu4-vkd1"},{"vulnerability":"VCID-7kme-vrea-kudy"},{"vulnerability":"VCID-8b7x-1h3z-xkf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-ary2-1kn4-xqd1"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-bfmz-51vx-pqfn"},{"vulnerability":"VCID-d328-5we4-ukhw"}
,{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-uhux-2d6p-53gk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"},{"vulnerability":"VCID-z1he-62nx-bkfr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@3.6.0"}],"aliases":["CVE-2019-1020013","GHSA-8w3j-g983-8jh5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9yy-wdcx-u3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/143446?format=json","vulnerability_id":"VCID-xmbj-u1hj-2qf2","summary":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the uploaded HTML could be shared for phishing attacks. The HTML page may seem legitimate because it is served under the internet domain where Parse Server is hosted, which may be the same as a company's official website domain.\n\nAn additional security issue arises when the Parse JavaScript SDK is used. The SDK stores sessions in the internet browser's local storage, which usually restricts data access depending on the internet domain. A malicious HTML file could contain a script that retrieves the user's session token from local storage and then shares it with the attacker.\n\nThe fix included in versions 5.4.4 and 6.1.1 adds a new Parse Server option `fileUpload.fileExtensions` to restrict file upload on Parse Server by file extension. 
It is recommended to restrict file upload for HTML file extensions, which this fix disables by default. If an app requires upload of files with HTML file extensions, the option can be set to `['.*']` or another custom value to override the default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32689","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60491","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32689"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32689","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32689"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8537","reference_id":"8537","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T19:07:11Z/"}],"url":"https://github.com/parse-community/parse-server/pull/8537"},{"reference_url":"https://github.com/parse-community/parse-server/pull/8538","reference_id":"8538","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:
L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T19:07:11Z/"}],"url":"https://github.com/parse-community/parse-server/pull/8538"},{"reference_url":"https://github.com/advisories/GHSA-9prm-jqwx-45x9","reference_id":"GHSA-9prm-jqwx-45x9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9prm-jqwx-45x9"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9prm-jqwx-45x9","reference_id":"GHSA-9prm-jqwx-45x9","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T19:07:11Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-9prm-jqwx-45x9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382049?format=json","purl":"pkg:npm/parse-server@5.4.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/630341?format=json","purl":"pkg:npm/parse-server@5.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@5.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/382050?format=json","purl":"pkg:npm/parse-server@6.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.
io/packages/pkg:npm/parse-server@6.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/630361?format=json","purl":"pkg:npm/parse-server@6.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.2.0"}],"aliases":["CVE-2023-32689","GHSA-9prm-jqwx-45x9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmbj-u1hj-2qf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173493?format=json","vulnerability_id":"VCID-z1he-62nx-bkfr","summary":"Parse Server is an open source HTTP web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is code vulnerable to prototype pollution in the file `DatabaseController.js`, so the issue is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. 
The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24760","reference_id":"","reference_type":"","scores":[{"value":"0.75565","scoring_system":"epss","scoring_elements":"0.98917","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24760"},{"reference_url":"https://github.com/parse-community/parse-server","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/parse-community/parse-server"},{"reference_url":"https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099"},{"reference_url":"https://github.com/parse-community/parse-server/commit/886bfd7cac69496e3f73d4bb536f0eec3cba0e4d","reference_id":"886bfd7cac69496e3f73d4bb536f0eec3cba0e4d","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:33Z/"}],"url":"https://github.com/parse-community/parse-server/commit/886bfd7cac69496e3f73d4bb536f0eec3cba0e4d"},{"reference_url":"https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4
f5cc9d099/","reference_id":"ac24b343-e7da-4bc7-ab38-4f4f5cc9d099","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:33Z/"}],"url":"https://www.huntr.dev/bounties/ac24b343-e7da-4bc7-ab38-4f4f5cc9d099/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24760","reference_id":"CVE-2022-24760","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24760"},{"reference_url":"https://github.com/advisories/GHSA-p6h4-93qp-jhcm","reference_id":"GHSA-p6h4-93qp-jhcm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p6h4-93qp-jhcm"},{"reference_url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-p6h4-93qp-jhcm","reference_id":"GHSA-p6h4-93qp-jhcm","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:33Z/"}],"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-p6h4-93qp-jhcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19657?format=json","purl":"pkg:npm/parse-server@4.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"v
ulnerability":"VCID-4xpa-t9ed-5kf1"},{"vulnerability":"VCID-9njy-jn3z-wudh"},{"vulnerability":"VCID-aj2x-xafd-vfh8"},{"vulnerability":"VCID-bdwe-y1sa-6kbu"},{"vulnerability":"VCID-d328-5we4-ukhw"},{"vulnerability":"VCID-gw6r-w5c8-cqbj"},{"vulnerability":"VCID-jxjb-5kb4-5yah"},{"vulnerability":"VCID-jyc1-8j12-4feb"},{"vulnerability":"VCID-n5a3-fvug-y3hj"},{"vulnerability":"VCID-tqhw-rwa6-4yhk"},{"vulnerability":"VCID-xmbj-u1hj-2qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@4.10.7"}],"aliases":["CVE-2022-24760","GHSA-p6h4-93qp-jhcm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1he-62nx-bkfr"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@2.3.6"}