| 0 |
| url |
VCID-13fb-z2vs-83hu |
| vulnerability_id |
VCID-13fb-z2vs-83hu |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients. The fix in 9.6.0-alpha.19 and 8.6.43 validates regular expression patterns at subscription time, rejecting invalid patterns before they are stored. Additionally, a defense-in-depth try-catch prevents any subscription matching error from crashing the server process. As a workaround, disable LiveQuery if it is not needed. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32770 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13298 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13387 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13406 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13412 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32770 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.43 |
| purl |
pkg:npm/parse-server@8.6.43 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 3 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 4 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 5 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 6 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 7 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 8 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 9 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 10 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 11 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 12 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 13 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 14 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 15 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 16 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 17 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 18 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 19 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 20 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 21 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 22 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 23 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 24 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 25 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 26 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 27 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 28 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 29 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.43 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.19 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 3 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 4 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 5 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 6 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 7 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 8 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 9 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 10 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 11 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 12 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 13 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 14 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 15 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 16 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 17 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 18 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 19 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 20 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 21 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 22 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 23 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 24 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 25 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 26 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 27 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 28 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 29 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.19 |
|
|
| aliases |
CVE-2026-32770, GHSA-827p-g5x5-h86c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-13fb-z2vs-83hu |
|
| 1 |
| url |
VCID-1y9a-gb1j-ufdu |
| vulnerability_id |
VCID-1y9a-gb1j-ufdu |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype chain of a registered cloud function handler, causing a stack overflow. The fix in versions 9.6.0-alpha.24 and 8.6.47 restricts property lookups during cloud function name resolution to own properties only, preventing prototype chain traversal from stored function handlers. There is no known workaround. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.47 |
| purl |
pkg:npm/parse-server@8.6.47 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 4 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 5 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 6 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 7 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 8 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 9 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 10 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 11 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 12 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 13 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 14 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 15 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 16 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 17 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 18 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 19 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 20 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 21 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 22 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 23 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 24 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 25 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 26 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.47 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.24 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 4 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 5 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 6 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 7 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 8 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 9 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 10 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 11 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 12 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 13 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 14 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 15 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 16 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 17 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 18 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 19 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 20 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 21 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 22 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 23 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 24 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 25 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 26 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.24 |
|
|
| aliases |
CVE-2026-32886, GHSA-4263-jgmp-7pf4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1y9a-gb1j-ufdu |
|
| 2 |
| url |
VCID-22pk-5s6t-ufaw |
| vulnerability_id |
VCID-22pk-5s6t-ufaw |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior 9.5.2-alpha.2 and 8.6.15, an unauthenticated attacker can exhaust Parse Server resources (CPU, memory, database connections) through crafted queries that exploit the lack of complexity limits in the REST and GraphQL APIs. All Parse Server deployments using the REST or GraphQL API are affected. This vulnerability is fixed in 9.5.2-alpha.2 and 8.6.15. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30946 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06552 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.0657 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06582 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06558 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30946 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.15 |
| purl |
pkg:npm/parse-server@8.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 9 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 10 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 11 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 12 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 13 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 14 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 15 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 16 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 17 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 18 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 19 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 20 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 21 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 22 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 23 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 24 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 25 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 26 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 27 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 28 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 29 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 30 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 31 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 32 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 33 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 34 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 35 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 36 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 37 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 38 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 39 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 40 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 41 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 42 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 43 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 44 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 45 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 46 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 47 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 48 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 49 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 50 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 51 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 52 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 53 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 54 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 55 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.15 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.2 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 9 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 10 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 11 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 12 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 13 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 14 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 15 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 16 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 17 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 18 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 19 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 20 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 21 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 22 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 23 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 24 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 25 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 26 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 27 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 28 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 29 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 30 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 31 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 32 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 33 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 34 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 35 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 36 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 37 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 38 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 39 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 40 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 41 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 42 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 43 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 44 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 45 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 46 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 47 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 48 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 49 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 50 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 51 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 52 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 53 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 54 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 55 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.2 |
|
|
| aliases |
CVE-2026-30946, GHSA-cmj3-wx7h-ffvg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-22pk-5s6t-ufaw |
|
| 3 |
| url |
VCID-262h-v1yd-tfc9 |
| vulnerability_id |
VCID-262h-v1yd-tfc9 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation (e.g., stats.counter). The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker who can send write requests to the Parse Server REST API can inject arbitrary SQL subqueries to read any data from the database, bypassing CLPs and ACLs. MongoDB deployments are not affected. This vulnerability is fixed in 9.6.0-alpha.3 and 8.6.29. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31856 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13399 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13424 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13419 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13311 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31856 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.29 |
| purl |
pkg:npm/parse-server@8.6.29 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 19 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 20 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 21 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 22 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 23 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 24 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 25 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 26 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 27 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 28 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 29 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 30 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 31 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 32 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 33 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 34 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 35 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 36 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 37 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 38 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 39 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 40 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 41 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 42 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 43 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.29 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.3 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 19 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 20 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 21 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 22 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 23 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 24 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 25 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 26 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 27 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 28 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 29 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 30 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 31 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 32 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 33 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 34 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 35 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 36 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 37 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 38 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 39 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 40 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 41 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 42 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 43 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.3 |
|
|
| aliases |
CVE-2026-31856, GHSA-q3vj-96h2-gwvg
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-262h-v1yd-tfc9 |
|
| 4 |
| url |
VCID-2f17-a4kr-r7du |
| vulnerability_id |
VCID-2f17-a4kr-r7du |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter, allowing execution of an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server's file storage as the server crashes upon receiving the response. This issue is fixed in versions 7.5.4 and 8.4.0-alpha.1. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64430 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00073 |
| scoring_system |
epss |
| scoring_elements |
0.22236 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00073 |
| scoring_system |
epss |
| scoring_elements |
0.22427 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00088 |
| scoring_system |
epss |
| scoring_elements |
0.25448 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00088 |
| scoring_system |
epss |
| scoring_elements |
0.25464 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64430 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@7.5.4 |
| purl |
pkg:npm/parse-server@7.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 25 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 26 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 27 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 28 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 29 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 30 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 31 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 32 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 33 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 34 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 35 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 36 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 37 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 38 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 39 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 43 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 44 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 45 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 46 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 47 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 48 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 49 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 50 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 51 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 52 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 53 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 54 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 55 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 56 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 57 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 58 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 59 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 60 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 61 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 62 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 63 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 64 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 65 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 66 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 67 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 68 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 69 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 70 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.5.4 |
|
| 1 |
| url |
pkg:npm/parse-server@8.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@8.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 25 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 26 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 27 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 28 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 29 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 30 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 31 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 32 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 33 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 34 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 35 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 36 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 37 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 38 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 39 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 43 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 44 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 45 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 46 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 47 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 48 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 49 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 50 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 51 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 52 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 53 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 54 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 55 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 56 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 57 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 58 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 59 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 60 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 61 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 62 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 63 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 64 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 65 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 66 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 67 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 68 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 69 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 70 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@8.4.0-alpha.2 |
| purl |
pkg:npm/parse-server@8.4.0-alpha.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 25 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 26 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 27 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 28 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 29 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 30 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 31 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 32 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 33 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 34 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 35 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 36 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 37 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 38 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 39 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 40 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 41 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 42 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 43 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 44 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 45 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 46 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 47 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 48 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 49 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 50 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 51 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 52 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 53 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 54 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 55 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 56 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 57 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 58 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 59 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 60 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 61 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 62 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 63 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 64 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 65 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 66 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 67 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 68 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 69 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 70 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 71 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.4.0-alpha.2 |
|
|
| aliases |
CVE-2025-64430, GHSA-x4qj-2f4q-r4rx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2f17-a4kr-r7du |
|
| 5 |
| url |
VCID-2fzy-ajnc-fbf9 |
| vulnerability_id |
VCID-2fzy-ajnc-fbf9 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control, and query complexity limits. An attacker can connect to the WebSocket endpoint and execute GraphQL operations without providing a valid application or API key, access the GraphQL schema via introspection even when public introspection is disabled, and send arbitrarily complex queries that bypass configured complexity limits. This vulnerability is fixed in 8.6.40 and 9.6.0-alpha.14. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32594 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00086 |
| scoring_system |
epss |
| scoring_elements |
0.24969 |
| published_at |
2026-06-13T12:55:00Z |
|
| 1 |
| value |
0.00086 |
| scoring_system |
epss |
| scoring_elements |
0.24952 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00086 |
| scoring_system |
epss |
| scoring_elements |
0.24955 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00086 |
| scoring_system |
epss |
| scoring_elements |
0.24757 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32594 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.40 |
| purl |
pkg:npm/parse-server@8.6.40 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 4 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 5 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 6 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 7 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 8 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 9 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 10 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 11 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 12 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 13 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 14 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 15 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 16 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 17 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 18 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 19 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 20 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 21 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 22 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 23 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 24 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 25 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 26 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 27 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 28 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 29 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 30 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 31 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 32 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.40 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.14 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 4 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 5 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 6 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 7 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 8 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 9 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 10 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 11 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 12 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 13 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 14 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 15 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 16 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 17 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 18 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 19 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 20 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 21 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 22 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 23 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 24 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 25 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 26 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 27 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 28 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 29 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 30 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 31 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 32 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.14 |
|
|
| aliases |
CVE-2026-32594, GHSA-p2x3-8689-cwpg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| url |
VCID-2qbc-paq8-2fgn |
| vulnerability_id |
VCID-2qbc-paq8-2fgn |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.2 and 8.6.28, an attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through an improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with the distinct and where query parameters. This vulnerability only affects deployments using a PostgreSQL database. This vulnerability is fixed in 9.6.0-alpha.2 and 8.6.28. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31840 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22294 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22315 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22302 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22112 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31840 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.28 |
| purl |
pkg:npm/parse-server@8.6.28 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 6 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 7 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 8 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 9 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 10 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 11 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 12 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 13 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 14 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 15 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 16 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 17 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 18 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 19 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 20 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 21 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 22 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 23 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 24 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 25 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 26 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 27 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 28 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 29 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 30 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 31 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 32 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 33 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 34 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 35 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 36 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 37 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 38 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 39 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 40 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 41 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 42 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 43 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 44 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.28 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.2 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 6 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 7 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 8 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 9 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 10 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 11 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 12 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 13 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 14 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 15 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 16 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 17 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 18 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 19 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 20 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 21 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 22 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 23 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 24 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 25 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 26 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 27 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 28 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 29 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 30 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 31 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 32 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 33 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 34 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 35 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 36 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 37 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 38 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 39 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 40 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 41 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 42 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 43 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 44 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.2 |
|
|
| aliases |
CVE-2026-31840, GHSA-qpr4-jrj4-6f27
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2qbc-paq8-2fgn |
|
| 7 |
| url |
VCID-2rxm-qxur-9ygu |
| vulnerability_id |
VCID-2rxm-qxur-9ygu |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and 9.6.0-alpha.54, an attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests. This defeats the single-use design of recovery codes. The attack requires the user's password, a valid recovery code, and the ability to send concurrent requests within milliseconds. This issue has been patched in versions 8.6.60 and 9.6.0-alpha.54. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33624 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09911 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09951 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.0996 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09965 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33624 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.60 |
| purl |
pkg:npm/parse-server@8.6.60 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 2 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 3 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 4 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 5 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 6 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 7 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 8 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 9 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 10 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 11 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 12 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 13 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.60 |
|
| 1 |
|
|
| aliases |
CVE-2026-33624, GHSA-2299-ghjr-6vjp
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2rxm-qxur-9ygu |
|
| 8 |
| url |
VCID-2syy-yyte-nug4 |
| vulnerability_id |
VCID-2syy-yyte-nug4 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.8 and 8.6.21, a vulnerability in Parse Server's query handling allows an authenticated or unauthenticated attacker to exfiltrate session tokens of other users by exploiting the redirectClassNameForKey query parameter. Exfiltrated session tokens can be used to take over user accounts. The vulnerability requires the attacker to be able to create or update an object with a new relation field, which depends on the Class-Level Permissions of at least one class. This vulnerability is fixed in 9.5.2-alpha.8 and 8.6.21. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30965 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00088 |
| scoring_system |
epss |
| scoring_elements |
0.25397 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00088 |
| scoring_system |
epss |
| scoring_elements |
0.25411 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00088 |
| scoring_system |
epss |
| scoring_elements |
0.25394 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00088 |
| scoring_system |
epss |
| scoring_elements |
0.25196 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30965 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.21 |
| purl |
pkg:npm/parse-server@8.6.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 14 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 15 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 16 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 17 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 18 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 19 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 20 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 21 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 22 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 23 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 24 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 25 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 26 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 27 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 28 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 29 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 30 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 31 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 32 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 33 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 34 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 35 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 36 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 37 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 38 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 39 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 40 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 41 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 42 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 43 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 44 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 45 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 46 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 47 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 48 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 49 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.21 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.8 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 14 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 15 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 16 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 17 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 18 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 19 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 20 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 21 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 22 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 23 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 24 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 25 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 26 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 27 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 28 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 29 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 30 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 31 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 32 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 33 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 34 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 35 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 36 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 37 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 38 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 39 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 40 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 41 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 42 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 43 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 44 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 45 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 46 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 47 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 48 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 49 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.8 |
|
|
| aliases |
CVE-2026-30965, GHSA-6r2j-cxgf-495f
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2syy-yyte-nug4 |
|
| 9 |
| url |
VCID-2t98-yfws-zfgn |
| vulnerability_id |
VCID-2t98-yfws-zfgn |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.3 and 8.6.16, class-level permissions (CLP) are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled class and receive real-time events for all objects, regardless of CLP restrictions. All Parse Server deployments that use LiveQuery with class-level permissions are affected. Data intended to be restricted by CLP is leaked to unauthorized subscribers in real time. This vulnerability is fixed in 9.5.2-alpha.3 and 8.6.16. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30947 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05343 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05352 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05359 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.0534 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30947 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.16 |
| purl |
pkg:npm/parse-server@8.6.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 14 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 15 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 16 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 17 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 18 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 19 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 20 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 21 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 22 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 23 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 24 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 25 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 26 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 27 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 28 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 29 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 30 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 31 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 32 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 33 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 34 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 35 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 36 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 37 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 38 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 39 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 40 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 41 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 42 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 43 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 44 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 45 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 46 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 47 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 48 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 49 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 50 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 51 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 52 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 53 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 54 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.16 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.3 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 14 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 15 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 16 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 17 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 18 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 19 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 20 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 21 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 22 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 23 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 24 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 25 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 26 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 27 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 28 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 29 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 30 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 31 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 32 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 33 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 34 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 35 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 36 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 37 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 38 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 39 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 40 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 41 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 42 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 43 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 44 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 45 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 46 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 47 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 48 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 49 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 50 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 51 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 52 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 53 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 54 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.3 |
|
|
| aliases |
CVE-2026-30947, GHSA-7ch5-98q2-7289
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2t98-yfws-zfgn |
|
| 10 |
| url |
VCID-383v-s4c7-6bfu |
| vulnerability_id |
VCID-383v-s4c7-6bfu |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The server recurses infinitely, causing a call stack size error that terminates the process. Other prototype property names bypass Cloud Function dispatch validation and return HTTP 200 responses, even though no such Cloud Functions are defined. The same applies to dot-notation traversal. All Parse Server deployments that expose the Cloud Function endpoint are affected. This vulnerability is fixed in 8.6.13 and 9.5.1-alpha.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30939 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00181 |
| scoring_system |
epss |
| scoring_elements |
0.39846 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00181 |
| scoring_system |
epss |
| scoring_elements |
0.39857 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00181 |
| scoring_system |
epss |
| scoring_elements |
0.39833 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00181 |
| scoring_system |
epss |
| scoring_elements |
0.39663 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30939 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.13 |
| purl |
pkg:npm/parse-server@8.6.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 11 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 12 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 13 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 14 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 15 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 16 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 17 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 18 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 19 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 20 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 21 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 22 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 23 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 24 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 25 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 26 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 27 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 28 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 29 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 30 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 31 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 32 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 33 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 34 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 35 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 36 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 37 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 38 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 39 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 40 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 41 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 42 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 43 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 44 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 45 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 46 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 47 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 48 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 49 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 50 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 51 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 52 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 53 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 54 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 55 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 56 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 57 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.13 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.1-alpha.2 |
| purl |
pkg:npm/parse-server@9.5.1-alpha.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 11 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 12 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 13 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 14 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 15 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 16 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 17 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 18 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 19 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 20 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 21 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 22 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 23 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 24 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 25 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 26 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 27 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 28 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 29 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 30 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 31 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 32 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 33 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 34 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 35 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 36 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 37 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 38 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 39 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 40 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 41 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 42 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 43 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 44 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 45 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 46 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 47 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 48 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 49 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 50 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 51 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 52 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 53 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 54 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 55 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 56 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 57 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.1-alpha.2 |
|
|
| aliases |
CVE-2026-30939, GHSA-5j86-7r7m-p8h6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-383v-s4c7-6bfu |
|
| 11 |
| url |
VCID-49m3-j488-yqes |
| vulnerability_id |
VCID-49m3-j488-yqes |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This bypasses origin restrictions that operators configure to control which websites can interact with the Parse Server API. The REST API correctly enforces the configured allowOrigin restriction. This issue has been patched in versions 8.6.66 and 9.7.0-alpha.10. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34373 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06235 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06228 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06257 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06245 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34373 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34373, GHSA-q3p6-g7c4-829c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-49m3-j488-yqes |
|
| 12 |
| url |
VCID-53r7-9knw-u7bd |
| vulnerability_id |
VCID-53r7-9knw-u7bd |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty `authData` object, bypassing the username and password requirement. This allows the creation of authenticated sessions without proper credentials, even when anonymous users are disabled. The fix in 9.6.0-alpha.29 and 8.6.49 ensures that empty or non-actionable `authData` is treated the same as absent `authData` for the purpose of credential validation on new user creation. Username and password are now required when no valid auth provider data is present. As a workaround, use a Cloud Code `beforeSave` trigger on the `_User` class to reject signups where `authData` is empty and no username/password is provided. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.49 |
| purl |
pkg:npm/parse-server@8.6.49 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 4 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 5 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 6 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 7 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 8 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 9 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 10 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 11 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 12 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 13 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 14 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 15 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 16 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 17 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 18 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 19 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 20 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 21 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 22 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 23 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 24 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.49 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.29 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.29 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 4 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 5 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 6 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 7 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 8 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 9 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 10 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 11 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 12 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 13 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 14 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 15 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 16 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 17 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 18 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 19 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 20 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 21 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 22 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 23 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 24 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.29 |
|
|
| aliases |
CVE-2026-33042, GHSA-wjqw-r9x4-j59v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-53r7-9knw-u7bd |
|
| 13 |
| url |
VCID-5bbt-8378-17d1 |
| vulnerability_id |
VCID-5bbt-8378-17d1 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.51 and 9.6.0-alpha.40, the Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided username exists and has an unverified email. This allows an unauthenticated attacker to enumerate valid usernames by observing different redirect targets. The existing emailVerifySuccessOnInvalidEmail configuration option, which is enabled by default and protects the API route against this, did not apply to these routes. This issue has been patched in versions 8.6.51 and 9.6.0-alpha.40. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33323 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16288 |
| published_at |
2026-06-13T12:55:00Z |
|
| 1 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16256 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16135 |
| published_at |
2026-06-11T12:55:00Z |
|
| 3 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.16278 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33323 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.51 |
| purl |
pkg:npm/parse-server@8.6.51 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 8 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 9 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 10 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 11 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 12 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 13 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 14 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 15 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 16 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 17 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 18 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 19 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 20 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 21 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.51 |
|
| 1 |
| url |
pkg:npm/parse-server@9.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@9.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 1 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 2 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 3 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 4 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 5 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 6 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 7 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 8 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 9 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 10 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 11 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 12 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 13 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 14 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 15 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 16 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 17 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@9.6.0-alpha.40 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.40 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 8 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 9 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 10 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 11 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 12 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 13 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 14 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 15 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 16 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 17 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 18 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 19 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 20 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 21 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.40 |
|
|
| aliases |
CVE-2026-33323, GHSA-h29g-q5c2-9h4f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5bbt-8378-17d1 |
|
| 14 |
| url |
VCID-7jbf-hw56-9bcx |
| vulnerability_id |
VCID-7jbf-hw56-9bcx |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated sessions by sending concurrent login requests via the authData login endpoint. This defeats the single-use guarantee of MFA recovery codes and SMS one-time passwords, allowing session persistence even after the legitimate user revokes detected sessions. This issue has been patched in versions 8.6.64 and 9.7.0-alpha.8. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34224 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04657 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04677 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04679 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04665 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34224 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34224, GHSA-w73w-g5xw-rwhf
|
| risk_score |
2.0 |
| exploitability |
0.5 |
| weighted_severity |
4.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7jbf-hw56-9bcx |
|
| 15 |
| url |
VCID-8cct-wkqq-nqdm |
| vulnerability_id |
VCID-8cct-wkqq-nqdm |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can be bypassed by placing any nested object or array before a prohibited keyword in the request payload. This is caused by a logic bug that stops scanning sibling keys after encountering the first nested value. Any custom requestKeywordDenylist entries configured by the developer are equally by-passable using the same technique. All Parse Server deployments are affected. The requestKeywordDenylist is enabled by default. This vulnerability is fixed in 8.6.12 and 9.5.1-alpha.1. Use a Cloud Code beforeSave trigger to validate incoming data for prohibited keywords across all classes. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.12 |
| purl |
pkg:npm/parse-server@8.6.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 16 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 17 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 18 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 19 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 20 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 21 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 22 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 23 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 24 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 25 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 26 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 27 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 28 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 29 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 30 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 31 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 32 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 33 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 34 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 35 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 36 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 37 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 38 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 39 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 40 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 41 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 42 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 43 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 44 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 45 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 46 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 47 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 48 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 49 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 50 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 51 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 52 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 53 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 54 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 55 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 56 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 57 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 58 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.12 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.1-alpha.1 |
| purl |
pkg:npm/parse-server@9.5.1-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 16 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 17 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 18 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 19 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 20 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 21 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 22 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 23 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 24 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 25 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 26 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 27 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 28 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 29 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 30 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 31 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 32 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 33 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 34 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 35 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 36 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 37 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 38 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 39 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 40 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 41 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 42 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 43 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 44 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 45 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 46 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 47 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 48 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 49 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 50 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 51 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 52 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 53 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 54 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 55 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 56 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 57 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 58 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.1-alpha.1 |
|
|
| aliases |
CVE-2026-30938, GHSA-q342-9w2p-57fp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8cct-wkqq-nqdm |
|
| 16 |
| url |
VCID-9njy-jn3z-wudh |
| vulnerability_id |
VCID-9njy-jn3z-wudh |
| summary |
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27298 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00313 |
| scoring_system |
epss |
| scoring_elements |
0.55031 |
| published_at |
2026-06-13T12:55:00Z |
|
| 1 |
| value |
0.00313 |
| scoring_system |
epss |
| scoring_elements |
0.55016 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00313 |
| scoring_system |
epss |
| scoring_elements |
0.55015 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00313 |
| scoring_system |
epss |
| scoring_elements |
0.54893 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27298 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@6.5.0 |
| purl |
pkg:npm/parse-server@6.5.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bd2p-eg4j-mfgq |
|
| 19 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 20 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 21 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 22 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 23 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 24 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 25 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 26 |
| vulnerability |
VCID-d328-5we4-ukhw |
|
| 27 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 28 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 29 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 30 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 31 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 32 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 33 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 34 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 35 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 36 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 37 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 38 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 39 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 40 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 41 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 42 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 43 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 44 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 45 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 46 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 47 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 48 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 49 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 50 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 51 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 52 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 53 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 54 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 55 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 56 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 57 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 58 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 59 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 60 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 61 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 62 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 63 |
| vulnerability |
VCID-tmz8-ectq-xqh6 |
|
| 64 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 65 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 66 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 67 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 68 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 69 |
| vulnerability |
VCID-wrzy-ar2d-kfe3 |
|
| 70 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 71 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 72 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 73 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 74 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 75 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.0 |
|
| 1 |
| url |
pkg:npm/parse-server@7.0.0-alpha.20 |
| purl |
pkg:npm/parse-server@7.0.0-alpha.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 25 |
| vulnerability |
VCID-d328-5we4-ukhw |
|
| 26 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 27 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 28 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 29 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 30 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 31 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 32 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 33 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 34 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 35 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 36 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 37 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 38 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 39 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 40 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 41 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 42 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 43 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 44 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 45 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 46 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 47 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 48 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 49 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 50 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 51 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 52 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 53 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 54 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 55 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 56 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 57 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 58 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 59 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 60 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 61 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 62 |
| vulnerability |
VCID-tmz8-ectq-xqh6 |
|
| 63 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 64 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 65 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 66 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 67 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 68 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 69 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 70 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 71 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 72 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 73 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.0.0-alpha.20 |
|
|
| aliases |
CVE-2024-27298, GHSA-6927-3vr9-fxf2
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9njy-jn3z-wudh |
|
| 17 |
| url |
VCID-9vdy-2u7g-w3cz |
| vulnerability_id |
VCID-9vdy-2u7g-w3cz |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the readOnlyMasterKey can be used to create and delete files via the Files API (POST /files/:filename, DELETE /files/:filename). This bypasses the read-only restriction which violates the access scope of the readOnlyMasterKey. Any Parse Server deployment that uses readOnlyMasterKey and exposes the Files API is affected. An attacker with access to the readOnlyMasterKey can upload arbitrary files or delete existing files. This issue has been patched in versions 8.6.5 and 9.5.0-alpha.3. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30228 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03417 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03403 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03413 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.034 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30228 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.5 |
| purl |
pkg:npm/parse-server@8.6.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 19 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 20 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 21 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 22 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 23 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 24 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 25 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 26 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 27 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 28 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 29 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 30 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 31 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 32 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 33 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 34 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 35 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 36 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 37 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 38 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 39 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 40 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 41 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 42 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 43 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 44 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 45 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 46 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 47 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 48 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 49 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 50 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 51 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 52 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 53 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 54 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 55 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 56 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 57 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 58 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 59 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 60 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 61 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 62 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 63 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 64 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 65 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.5 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.0-alpha.3 |
| purl |
pkg:npm/parse-server@9.5.0-alpha.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-14sg-981y-pbdx |
|
| 3 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 4 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 5 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 33 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 34 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 35 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 36 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 37 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 38 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 39 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 40 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 41 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 42 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 43 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 44 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 45 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 46 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 47 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 48 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 49 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 50 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 51 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 52 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 53 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 54 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 55 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 56 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 57 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 58 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 59 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 60 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 61 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 62 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 63 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 64 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 65 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 66 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.3 |
|
|
| aliases |
CVE-2026-30228, GHSA-xfh7-phr7-gr2x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9vdy-2u7g-w3cz |
|
| 18 |
| url |
VCID-anju-zz89-sfad |
| vulnerability_id |
VCID-anju-zz89-sfad |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available in versions 8.6.1 and 9.1.0-alpha.3, escapes user controlled values that are inserted into the HTML pages. No known workarounds are available. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-68115 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.0737 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07373 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.0738 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07337 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-68115 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.1 |
| purl |
pkg:npm/parse-server@8.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 33 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 34 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 35 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 36 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 37 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 38 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 39 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 43 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 44 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 45 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 46 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 47 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 48 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 49 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 50 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 51 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 52 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 53 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 54 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 55 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 56 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 57 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 58 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 59 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 60 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 61 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 62 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 63 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 64 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 65 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 66 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 67 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 68 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 69 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.1 |
|
| 1 |
| url |
pkg:npm/parse-server@9.1.0-alpha.3 |
| purl |
pkg:npm/parse-server@9.1.0-alpha.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 33 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 34 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 35 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 36 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 37 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 38 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 39 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 43 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 44 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 45 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 46 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 47 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 48 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 49 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 50 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 51 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 52 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 53 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 54 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 55 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 56 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 57 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 58 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 59 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 60 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 61 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 62 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 63 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 64 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 65 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 66 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 67 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 68 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 69 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.1.0-alpha.3 |
|
|
| aliases |
CVE-2025-68115, GHSA-jhgf-2h8h-ggxv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-anju-zz89-sfad |
|
| 19 |
| url |
VCID-bd2p-eg4j-mfgq |
| vulnerability_id |
VCID-bd2p-eg4j-mfgq |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47183 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00384 |
| scoring_system |
epss |
| scoring_elements |
0.60173 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00384 |
| scoring_system |
epss |
| scoring_elements |
0.60176 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00384 |
| scoring_system |
epss |
| scoring_elements |
0.60184 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00384 |
| scoring_system |
epss |
| scoring_elements |
0.60065 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47183 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@6.5.9 |
| purl |
pkg:npm/parse-server@6.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 25 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 26 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 27 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 28 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 29 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 30 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 31 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 32 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 33 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 34 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 35 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 36 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 37 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 38 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 39 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 40 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 41 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 42 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 43 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 44 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 45 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 46 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 47 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 48 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 49 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 50 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 51 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 52 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 53 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 54 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 55 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 56 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 57 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 58 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 59 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 60 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 61 |
| vulnerability |
VCID-tmz8-ectq-xqh6 |
|
| 62 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 63 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 64 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 65 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 66 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 67 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 68 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 69 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 70 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 71 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 72 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.9 |
|
| 1 |
| url |
pkg:npm/parse-server@7.3.0 |
| purl |
pkg:npm/parse-server@7.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 18 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 19 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 20 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 21 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 22 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 23 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 24 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 25 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 26 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 27 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 28 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 29 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 30 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 31 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 32 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 33 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 34 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 35 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 36 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 37 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 38 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 39 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 40 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 41 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 42 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 43 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 44 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 45 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 46 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 47 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 48 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 49 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 50 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 51 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 52 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 53 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 54 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 55 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 56 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 57 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 58 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 59 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 60 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 61 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 62 |
| vulnerability |
VCID-tmz8-ectq-xqh6 |
|
| 63 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 64 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 65 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 66 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 67 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 68 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 69 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 70 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 71 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 72 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 73 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.3.0 |
|
|
| aliases |
CVE-2024-47183, GHSA-8xq9-g7ch-35hg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bd2p-eg4j-mfgq |
|
| 20 |
| url |
VCID-bpp2-r2wr-vkf6 |
| vulnerability_id |
VCID-bpp2-r2wr-vkf6 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server and denies service to all connected clients. Starting in version 9.6.0-alpha.21 and 8.6.45, a depth limit for query condition operator nesting has been added via the `requestComplexity.queryDepth` server option. The option is disabled by default to avoid a breaking change. To mitigate, upgrade and set the option to a value appropriate for your app. No known workarounds are available. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32944 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05656 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05665 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05682 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05674 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32944 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.45 |
| purl |
pkg:npm/parse-server@8.6.45 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 3 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 4 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 5 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 6 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 7 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 8 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 9 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 10 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 11 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 12 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 13 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 14 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 15 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 16 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 17 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 18 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 19 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 20 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 21 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 22 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 23 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 24 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 25 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 26 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 27 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.45 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.21 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 3 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 4 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 5 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 6 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 7 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 8 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 9 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 10 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 11 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 12 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 13 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 14 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 15 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 16 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 17 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 18 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 19 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 20 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 21 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 22 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 23 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 24 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 25 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 26 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 27 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.21 |
|
|
| aliases |
CVE-2026-32944, GHSA-9xp9-j92r-p88v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bpp2-r2wr-vkf6 |
|
| 21 |
| url |
VCID-brgs-d2uu-a7bt |
| vulnerability_id |
VCID-brgs-d2uu-a7bt |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.4 and 8.6.17, a stored cross-site scripting (XSS) vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with Content-Type: image/svg+xml and without protective headers, causing the browser to execute embedded scripts in the Parse Server origin. This can be exploited to steal session tokens from localStorage and achieve account takeover. The default fileExtensions option blocks HTML file extensions but does not block SVG, which is a well-known XSS vector. All Parse Server deployments where file upload is enabled for authenticated users (the default) are affected. This vulnerability is fixed in 9.5.2-alpha.4 and 8.6.17. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30948 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06094 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06106 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06112 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06091 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30948 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.17 |
| purl |
pkg:npm/parse-server@8.6.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 14 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 15 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 16 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 17 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 18 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 19 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 20 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 21 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 22 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 23 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 24 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 25 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 26 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 27 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 28 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 29 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 30 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 31 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 32 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 33 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 34 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 35 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 36 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 37 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 38 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 39 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 40 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 41 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 42 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 43 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 44 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 45 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 46 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 47 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 48 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 49 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 50 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 51 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 52 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 53 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.17 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.4 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 14 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 15 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 16 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 17 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 18 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 19 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 20 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 21 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 22 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 23 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 24 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 25 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 26 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 27 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 28 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 29 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 30 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 31 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 32 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 33 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 34 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 35 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 36 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 37 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 38 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 39 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 40 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 41 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 42 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 43 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 44 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 45 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 46 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 47 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 48 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 49 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 50 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 51 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 52 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 53 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.4 |
|
|
| aliases |
CVE-2026-30948, GHSA-hcj7-6gxh-24ww
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-brgs-d2uu-a7bt |
|
| 22 |
| url |
VCID-bzw6-4m1j-6fe2 |
| vulnerability_id |
VCID-bzw6-4m1j-6fe2 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the entire Parse Server unresponsive, affecting all clients. Any Parse Server deployment with LiveQuery enabled is affected. The attacker only needs the application ID and JavaScript key, both of which are public in client-side apps. This only affects LiveQuery subscription matching, which evaluates regex in JavaScript on the Node.js event loop. Normal REST and GraphQL queries are not affected because their regex is evaluated by the database engine. This vulnerability is fixed in 9.5.0-alpha.14 and 8.6.11. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30925 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06064 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06076 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06084 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06061 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30925 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.11 |
| purl |
pkg:npm/parse-server@8.6.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 19 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 20 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 21 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 22 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 23 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 24 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 25 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 26 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 27 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 28 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 29 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 30 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 31 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 32 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 33 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 34 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 35 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 36 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 37 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 38 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 39 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 40 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 41 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 42 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 43 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 44 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 45 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 46 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 47 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 48 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 49 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 50 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 51 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 52 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 53 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 54 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 55 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 56 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 57 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 58 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 59 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.11 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.0-alpha.14 |
| purl |
pkg:npm/parse-server@9.5.0-alpha.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 19 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 20 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 21 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 22 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 23 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 24 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 25 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 26 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 27 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 28 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 29 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 30 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 31 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 32 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 33 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 34 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 35 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 36 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 37 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 38 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 39 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 40 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 41 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 42 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 43 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 44 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 45 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 46 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 47 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 48 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 49 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 50 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 51 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 52 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 53 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 54 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 55 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 56 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 57 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 58 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 59 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.14 |
|
|
| aliases |
CVE-2026-30925, GHSA-mf3j-86qx-cq5j
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bzw6-4m1j-6fe2 |
|
| 23 |
| url |
VCID-ca2c-skt8-mqau |
| vulnerability_id |
VCID-ca2c-skt8-mqau |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.28 and 8.6.48, the password reset mechanism does not enforce single-use guarantees for reset tokens. When a user requests a password reset, the generated token can be consumed by multiple concurrent requests within a short time window. An attacker who has intercepted a password reset token can race the legitimate user's password reset request, causing both requests to succeed. This may result in the legitimate user believing their password was changed successfully while the attacker's password takes effect instead. All Parse Server deployments that use the password reset feature are affected. Starting in versions 9.6.0-alpha.28 and 8.6.48, the password reset token is now atomically validated and consumed as part of the password update operation. The database query that updates the password includes the reset token as a condition, ensuring that only one concurrent request can successfully consume the token. Subsequent requests using the same token will fail because the token has already been cleared. There is no known workaround other than upgrading. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32943 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01645 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.0166 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01649 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01653 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32943 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.48 |
| purl |
pkg:npm/parse-server@8.6.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 4 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 5 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 6 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 7 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 8 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 9 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 10 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 11 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 12 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 13 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 14 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 15 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 16 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 17 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 18 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 19 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 20 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 21 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 22 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 23 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 24 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 25 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.48 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.28 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.28 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 4 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 5 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 6 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 7 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 8 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 9 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 10 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 11 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 12 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 13 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 14 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 15 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 16 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 17 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 18 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 19 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 20 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 21 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 22 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 23 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 24 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 25 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.28 |
|
|
| aliases |
CVE-2026-32943, GHSA-r3xq-68wh-gwvh
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ca2c-skt8-mqau |
|
| 24 |
| url |
VCID-caj3-ujpk-hba5 |
| vulnerability_id |
VCID-caj3-ujpk-hba5 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint (/batch) processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle multiple requests targeting a rate-limited endpoint into a single batch request to circumvent the configured rate limit. Any Parse Server deployment that relies on the built-in rate limiting feature is affected. This vulnerability is fixed in 9.5.2-alpha.10 and 8.6.23. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30972 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.1966 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19686 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19664 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.1949 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30972 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.23 |
| purl |
pkg:npm/parse-server@8.6.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 14 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 15 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 16 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 17 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 18 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 19 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 20 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 21 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 22 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 23 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 24 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 25 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 26 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 27 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 28 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 29 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 30 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 31 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 32 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 33 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 34 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 35 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 36 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 37 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 38 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 39 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 40 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 41 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 42 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 43 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 44 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 45 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 46 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 47 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.23 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.10 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 14 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 15 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 16 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 17 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 18 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 19 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 20 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 21 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 22 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 23 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 24 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 25 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 26 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 27 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 28 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 29 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 30 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 31 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 32 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 33 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 34 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 35 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 36 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 37 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 38 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 39 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 40 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 41 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 42 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 43 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 44 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 45 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 46 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 47 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.10 |
|
|
| aliases |
CVE-2026-30972, GHSA-775h-3xrc-c228
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-caj3-ujpk-hba5 |
|
| 25 |
| url |
VCID-cbrh-vg1p-3ua7 |
| vulnerability_id |
VCID-cbrh-vg1p-3ua7 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.70 and 9.7.0-alpha.18, an authenticated user with find class-level permission can bypass the protectedFields class-level permission setting on LiveQuery subscriptions. By sending a subscription with a $or, $and, or $nor operator value as a plain object with numeric keys and a length property (an "array-like" object) instead of an array, the protected-field guard is bypassed. The subscription event firing acts as a binary oracle, allowing the attacker to infer whether a protected field matches a given test value. This issue has been patched in versions 8.6.70 and 9.7.0-alpha.18. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34595 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.1263 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12707 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12722 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12729 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34595 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34595, GHSA-mmg8-87c5-jrc2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cbrh-vg1p-3ua7 |
|
| 26 |
| url |
VCID-czsu-zebt-puhd |
| vulnerability_id |
VCID-czsu-zebt-puhd |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. This vulnerability is fixed in 7.5.3 and 8.2.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-53364 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01039 |
| scoring_system |
epss |
| scoring_elements |
0.7791 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.01039 |
| scoring_system |
epss |
| scoring_elements |
0.77835 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.01039 |
| scoring_system |
epss |
| scoring_elements |
0.77903 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.01039 |
| scoring_system |
epss |
| scoring_elements |
0.77916 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-53364 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@7.5.3 |
| purl |
pkg:npm/parse-server@7.5.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 18 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 19 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 20 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 21 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 22 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 23 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 24 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 25 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 26 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 27 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 28 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 29 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 30 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 31 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 32 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 33 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 34 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 35 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 36 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 37 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 38 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 39 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 40 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 41 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 42 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 43 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 44 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 45 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 46 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 47 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 48 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 49 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 50 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 51 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 52 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 53 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 54 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 55 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 56 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 57 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 58 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 59 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 60 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 61 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 62 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 63 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 64 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 65 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 66 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 67 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 68 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 69 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 70 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 71 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.5.3 |
|
| 1 |
| url |
pkg:npm/parse-server@8.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@8.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 25 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 26 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 27 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 28 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 29 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 30 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 31 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 32 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 33 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 34 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 35 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 36 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 37 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 38 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 39 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 43 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 44 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 45 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 46 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 47 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 48 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 49 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 50 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 51 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 52 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 53 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 54 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 55 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 56 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 57 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 58 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 59 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 60 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 61 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 62 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 63 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 64 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 65 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 66 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 67 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 68 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 69 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 70 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@8.2.2 |
| purl |
pkg:npm/parse-server@8.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 18 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 19 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 20 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 21 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 22 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 23 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 24 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 25 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 26 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 27 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 28 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 29 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 30 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 31 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 32 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 33 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 34 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 35 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 36 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 37 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 38 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 39 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 40 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 41 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 42 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 43 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 44 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 45 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 46 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 47 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 48 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 49 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 50 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 51 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 52 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 53 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 54 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 55 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 56 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 57 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 58 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 59 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 60 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 61 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 62 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 63 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 64 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 65 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 66 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 67 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 68 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 69 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 70 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 71 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 72 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.2.2 |
|
|
| aliases |
CVE-2025-53364, GHSA-48q3-prgv-gm4w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-czsu-zebt-puhd |
|
| 27 |
| url |
VCID-d328-5we4-ukhw |
| vulnerability_id |
VCID-d328-5we4-ukhw |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-29027 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.83679 |
| published_at |
2026-06-13T12:55:00Z |
|
| 1 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.83676 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.8367 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.01895 |
| scoring_system |
epss |
| scoring_elements |
0.83611 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-29027 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@6.5.5 |
| purl |
pkg:npm/parse-server@6.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bd2p-eg4j-mfgq |
|
| 19 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 20 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 21 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 22 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 23 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 24 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 25 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 26 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 27 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 28 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 29 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 30 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 31 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 32 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 33 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 34 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 35 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 36 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 37 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 38 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 39 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 40 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 41 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 42 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 43 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 44 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 45 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 46 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 47 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 48 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 49 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 50 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 51 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 52 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 53 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 54 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 55 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 56 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 57 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 58 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 59 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 60 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 61 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 62 |
| vulnerability |
VCID-tmz8-ectq-xqh6 |
|
| 63 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 64 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 65 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 66 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 67 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 68 |
| vulnerability |
VCID-wrzy-ar2d-kfe3 |
|
| 69 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 70 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 71 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 72 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 73 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 74 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.5 |
|
| 1 |
| url |
pkg:npm/parse-server@7.0.0-alpha.29 |
| purl |
pkg:npm/parse-server@7.0.0-alpha.29 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 25 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 26 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 27 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 28 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 29 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 30 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 31 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 32 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 33 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 34 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 35 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 36 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 37 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 38 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 39 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 40 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 41 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 42 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 43 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 44 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 45 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 46 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 47 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 48 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 49 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 50 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 51 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 52 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 53 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 54 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 55 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 56 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 57 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 58 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 59 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 60 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 61 |
| vulnerability |
VCID-tmz8-ectq-xqh6 |
|
| 62 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 63 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 64 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 65 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 66 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 67 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 68 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 69 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 70 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 71 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 72 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.0.0-alpha.29 |
|
|
| aliases |
CVE-2024-29027, GHSA-6hh7-46r2-vf29
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d328-5we4-ukhw |
|
| 28 |
| url |
VCID-dhkw-d15h-rkb5 |
| vulnerability_id |
VCID-dhkw-d15h-rkb5 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive valid session tokens, breaking the single-use property of the OTP. The vulnerability requires the attacker to already possess the victim's password and intercept the active SMS OTP (e.g. via SIM swap, network mirror, or phishing relay) and to race the legitimate login request, so the practical attack surface is narrow. This vulnerability is fixed in 8.6.76 and 9.9.0-alpha.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-43930 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01108 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01301 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01106 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01296 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-43930 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-43930, GHSA-jpq4-7fmq-q5fj
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dhkw-d15h-rkb5 |
|
| 29 |
| url |
VCID-dmkx-64cw-67ae |
| vulnerability_id |
VCID-dmkx-64cw-67ae |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email verification resend endpoints. The token value is passed to database queries without type validation and can be used to extract password reset and email verification tokens. Any Parse Server deployment using MongoDB with email verification or password reset enabled is affected. When emailVerifyTokenReuseIfValid is configured, the email verification token can be fully extracted and used to verify a user's email address without inbox access. This vulnerability is fixed in 8.6.14 and 9.5.2-alpha.1. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30941 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18904 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18928 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.1891 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18746 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30941 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.14 |
| purl |
pkg:npm/parse-server@8.6.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 11 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 12 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 13 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 14 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 15 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 16 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 17 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 18 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 19 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 20 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 21 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 22 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 23 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 24 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 25 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 26 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 27 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 28 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 29 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 30 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 31 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 32 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 33 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 34 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 35 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 36 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 37 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 38 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 39 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 40 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 41 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 42 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 43 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 44 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 45 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 46 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 47 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 48 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 49 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 50 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 51 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 52 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 53 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 54 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 55 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 56 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.14 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.1 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 11 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 12 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 13 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 14 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 15 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 16 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 17 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 18 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 19 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 20 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 21 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 22 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 23 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 24 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 25 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 26 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 27 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 28 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 29 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 30 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 31 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 32 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 33 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 34 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 35 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 36 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 37 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 38 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 39 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 40 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 41 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 42 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 43 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 44 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 45 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 46 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 47 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 48 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 49 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 50 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 51 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 52 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 53 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 54 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 55 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 56 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.1 |
|
|
| aliases |
CVE-2026-30941, GHSA-vgjh-hmwf-c588
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dmkx-64cw-67ae |
|
| 30 |
| url |
VCID-dyd6-6yy1-hyhn |
| vulnerability_id |
VCID-dyd6-6yy1-hyhn |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.6 and 8.6.74, he login endpoint response time differs measurably depending on whether the submitted username or email exists in the database. When a user is not found, the server responds immediately. When a user exists but the password is wrong, a bcrypt comparison runs first, adding significant latency. This timing difference allows an unauthenticated attacker to enumerate valid usernames. This vulnerability is fixed in 9.8.0-alpha.6 and 8.6.74. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-39321 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.09019 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.0907 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.09067 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.09485 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-39321 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-39321, GHSA-mmpq-5hcv-hf2v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dyd6-6yy1-hyhn |
|
| 31 |
| url |
VCID-e7pg-sdu5-mkhh |
| vulnerability_id |
VCID-e7pg-sdu5-mkhh |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter (e.g. `;charset=utf-8`) to the `Content-Type` header. This causes the extension validation to fail matching against the blocklist, allowing active content to be stored and served under the application's domain. In addition, certain XML-based file extensions that can render scripts in web browsers are not included in the default blocklist. This can lead to stored XSS attacks, compromising session tokens, user credentials, or other sensitive data accessible via the browser's local storage. The fix in versions 9.6.0-alpha.15 and 8.6.41 strips MIME parameters from the `Content-Type` header before validating the file extension against the blocklist. The default blocklist has also been extended to include additional XML-based extensions (`xsd`, `rng`, `rdf`, `rdf+xml`, `owl`, `mathml`, `mathml+xml`) that can render active content in web browsers. Note that the `fileUpload.fileExtensions` option is intended to be configured as an allowlist of file extensions that are valid for a specific application, not as a denylist. The default denylist is provided only as a basic default that covers most common problematic extensions. It is not intended to be an exhaustive list of all potentially dangerous extensions. Developers should not rely on the default value, as new extensions that can render active content in browsers might emerge in the future. As a workaround, configure the `fileUpload.fileExtensions` option to use an allowlist of only the file extensions that your application needs, rather than relying on the default blocklist. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32728 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.0282 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02821 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02828 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02811 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32728 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.41 |
| purl |
pkg:npm/parse-server@8.6.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 4 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 5 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 6 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 7 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 8 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 9 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 10 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 11 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 12 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 13 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 14 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 15 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 16 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 17 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 18 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 19 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 20 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 21 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 22 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 23 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 24 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 25 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 26 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 27 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 28 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 29 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 30 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 31 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.41 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.15 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 4 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 5 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 6 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 7 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 8 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 9 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 10 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 11 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 12 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 13 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 14 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 15 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 16 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 17 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 18 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 19 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 20 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 21 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 22 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 23 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 24 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 25 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 26 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 27 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 28 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 29 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 30 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 31 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.15 |
|
|
| aliases |
CVE-2026-32728, GHSA-42ph-pf9q-cr72
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e7pg-sdu5-mkhh |
|
| 32 |
| url |
VCID-e84c-36en-wqaa |
| vulnerability_id |
VCID-e84c-36en-wqaa |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolean protected fields, the timing of change events is equivalent to knowing the field value. This issue has been patched in versions 8.6.54 and 9.6.0-alpha.43. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33429 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03023 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03032 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03021 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03036 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33429 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.54 |
| purl |
pkg:npm/parse-server@8.6.54 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 10 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 11 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 12 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 13 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 14 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 15 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 16 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 17 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.54 |
|
| 1 |
| url |
pkg:npm/parse-server@9.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@9.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 1 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 2 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 3 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 4 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 5 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 6 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 7 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 8 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 9 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 10 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 11 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 12 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 13 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 14 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 15 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 16 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 17 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@9.6.0-alpha.43 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.43 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 10 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 11 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 12 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 13 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 14 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 15 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 16 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 17 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.43 |
|
|
| aliases |
CVE-2026-33429, GHSA-qpc3-fg4j-8hgm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e84c-36en-wqaa |
|
| 33 |
| url |
VCID-ee1t-31wz-ufbw |
| vulnerability_id |
VCID-ee1t-31wz-ufbw |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a $regex query operator is passed to PostgreSQL using unparameterized string interpolation, allowing the attacker to manipulate the SQL query. While the master key controls what can be done through the Parse Server abstraction layer, this SQL injection bypasses Parse Server entirely and operates at the database level. This vulnerability only affects Parse Server deployments using PostgreSQL. This vulnerability is fixed in 9.6.0-alpha.10 and 8.6.36. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1369 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13777 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13808 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13806 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32234 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.36 |
| purl |
pkg:npm/parse-server@8.6.36 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 17 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 18 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 19 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 20 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 21 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 22 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 23 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 24 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 25 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 26 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 27 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 28 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 29 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 30 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 31 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 32 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 33 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 34 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 35 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 36 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.36 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.10 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 17 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 18 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 19 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 20 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 21 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 22 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 23 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 24 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 25 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 26 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 27 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 28 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 29 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 30 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 31 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 32 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 33 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 34 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 35 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 36 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.10 |
|
|
| aliases |
CVE-2026-32234, GHSA-c442-97qw-j6c6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ee1t-31wz-ufbw |
|
| 34 |
| url |
VCID-evdb-d9ew-pbfq |
| vulnerability_id |
VCID-evdb-d9ew-pbfq |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.35 and 8.6.50, when a `Parse.Cloud.afterLiveQueryEvent` trigger is registered for a class, the LiveQuery server leaks protected fields and `authData` to all subscribers of that class. Fields configured as protected via Class-Level Permissions (`protectedFields`) are included in LiveQuery event payloads for all event types (create, update, delete, enter, leave). Any user with sufficient CLP permissions to subscribe to the affected class can receive protected field data of other users, including sensitive personal information and OAuth tokens from third-party authentication providers. The vulnerability was caused by a reference detachment bug. When an `afterEvent` trigger is registered, the LiveQuery server converts the event object to a `Parse.Object` for the trigger, then creates a new JSON copy via `toJSONwithObjects()`. The sensitive data filter was applied to the `Parse.Object` reference, but the unfiltered JSON copy was sent to clients. The fix in versions 9.6.0-alpha.35 and 8.6.50 ensures that the JSON copy is assigned back to the response object before filtering, so the filter operates on the actual data sent to clients. As a workaround, remove all `Parse.Cloud.afterLiveQueryEvent` trigger registrations. Without an `afterEvent` trigger, the reference detachment does not occur and protected fields are correctly filtered. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33163 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11572 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11613 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1165 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11643 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33163 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.50 |
| purl |
pkg:npm/parse-server@8.6.50 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 4 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 5 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 6 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 7 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 8 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 9 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 10 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 11 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 12 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 13 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 14 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 15 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 16 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 17 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 18 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 19 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 20 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 21 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 22 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 23 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.50 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.35 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.35 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 4 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 5 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 6 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 7 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 8 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 9 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 10 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 11 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 12 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 13 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 14 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 15 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 16 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 17 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 18 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 19 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 20 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 21 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 22 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 23 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.35 |
|
|
| aliases |
CVE-2026-33163, GHSA-5hmj-jcgp-6hff
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-evdb-d9ew-pbfq |
|
| 35 |
| url |
VCID-fdqv-3n6r-2fgb |
| vulnerability_id |
VCID-fdqv-3n6r-2fgb |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its URL, the browser renders the file and executes the malicious code in the context of the Parse Server domain. This is a stored Cross-Site Scripting (XSS) vulnerability that can be exploited to steal session tokens, redirect users, or perform actions on behalf of other users. Affected file extensions and content types include .svgz, .xht, .xml, .xsl, .xslt, and content types application/xhtml+xml and application/xslt+xml for extensionless uploads. Uploading of .html, .htm, .shtml, .xhtml, and .svg files was already blocked. This vulnerability is fixed in 9.6.0-alpha.4 and 8.6.30. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31868 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20188 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20212 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20191 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20019 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31868 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.30 |
| purl |
pkg:npm/parse-server@8.6.30 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 34 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 35 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 36 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 37 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 38 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 39 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 40 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 41 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 42 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.30 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.4 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 34 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 35 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 36 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 37 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 38 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 39 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 40 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 41 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 42 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.4 |
|
|
| aliases |
CVE-2026-31868, GHSA-v5hf-f4c3-m5rv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fdqv-3n6r-2fgb |
|
| 36 |
| url |
VCID-g9b7-r5ry-mybm |
| vulnerability_id |
VCID-g9b7-r5ry-mybm |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials. The attacker only needs to know the user's provider ID to gain full access to their account, including a valid session token. This affects Parse Server deployments where the server option allowExpiredAuthDataToken is set to true. The default value is false. This issue has been patched in versions 8.6.52 and 9.6.0-alpha.41. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33409 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.08546 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.08551 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.08549 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00028 |
| scoring_system |
epss |
| scoring_elements |
0.08511 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33409 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/parse-community/parse-server/pull/10246 |
| reference_id |
10246 |
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
7.0 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T13:39:16Z/ |
|
|
| url |
https://github.com/parse-community/parse-server/pull/10246 |
|
| 4 |
| reference_url |
https://github.com/parse-community/parse-server/pull/10247 |
| reference_id |
10247 |
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
7.0 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T13:39:16Z/ |
|
|
| url |
https://github.com/parse-community/parse-server/pull/10247 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.52 |
| purl |
pkg:npm/parse-server@8.6.52 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 8 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 9 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 10 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 11 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 12 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 13 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 14 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 15 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 16 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 17 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 18 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 19 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 20 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 21 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.52 |
|
| 1 |
| url |
pkg:npm/parse-server@9.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@9.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 1 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 2 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 3 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 4 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 5 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 6 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 7 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 8 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 9 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 10 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 11 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 12 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 13 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 14 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 15 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 16 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 17 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@9.6.0-alpha.41 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 8 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 9 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 10 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 11 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 12 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 13 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 14 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 15 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 16 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 17 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 18 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 19 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 20 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 21 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.41 |
|
|
| aliases |
CVE-2026-33409, GHSA-pfj7-wv7c-22pr
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g9b7-r5ry-mybm |
|
| 37 |
| url |
VCID-gdee-x759-bbg9 |
| vulnerability_id |
VCID-gdee-x759-bbg9 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.4 and 9.4.1-alpha.3, Parse Server's readOnlyMasterKey option allows access with master-level read privileges but is documented to deny all write operations. However, some endpoints incorrectly accept the readOnlyMasterKey for mutating operations. This allows a caller who only holds the readOnlyMasterKey to create, modify, and delete Cloud Hooks and to start Cloud Jobs, which can be used for data exfiltration. Any Parse Server deployment that uses the readOnlyMasterKey option is affected. Note than an attacker needs to know the readOnlyMasterKey to exploit this vulnerability. This issue has been patched in versions 8.6.4 and 9.4.1-alpha.3. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-29182 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06879 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06892 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06902 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06876 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-29182 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.4 |
| purl |
pkg:npm/parse-server@8.6.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 33 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 34 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 35 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 36 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 37 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 38 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 39 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 40 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 41 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 42 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 43 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 44 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 45 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 46 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 47 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 48 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 49 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 50 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 51 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 52 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 53 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 54 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 55 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 56 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 57 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 58 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 59 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 60 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 61 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 62 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 63 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 64 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 65 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 66 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.4 |
|
| 1 |
| url |
pkg:npm/parse-server@9.4.1-alpha.3 |
| purl |
pkg:npm/parse-server@9.4.1-alpha.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-14sg-981y-pbdx |
|
| 3 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 4 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 5 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 25 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 26 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 27 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 28 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 29 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 30 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 31 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 32 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 33 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 34 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 35 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 36 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 37 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 38 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 39 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 43 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 44 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 45 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 46 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 47 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 48 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 49 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 50 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 51 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 52 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 53 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 54 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 55 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 56 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 57 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 58 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 59 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 60 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 61 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 62 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 63 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 64 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 65 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 66 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 67 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.4.1-alpha.3 |
|
|
| aliases |
CVE-2026-29182, GHSA-vc89-5g3r-cmhh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gdee-x759-bbg9 |
|
| 38 |
| url |
VCID-gjus-pwzw-qufs |
| vulnerability_id |
VCID-gjus-pwzw-qufs |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input (authData.id) is interpolated directly into LDAP Distinguished Names (DN) and group search filters without escaping special characters. This allows an attacker with valid LDAP credentials to manipulate the bind DN structure and to bypass group membership checks. This enables privilege escalation from any authenticated LDAP user to a member of any restricted group. The vulnerability affects Parse Server deployments that use the LDAP authentication adapter with group-based access control. This vulnerability is fixed in 9.5.2-alpha.13 and 8.6.26. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31828 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37245 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37433 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37423 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37447 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31828 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.26 |
| purl |
pkg:npm/parse-server@8.6.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 14 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 15 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 16 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 17 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 18 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 19 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 20 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 21 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 22 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 23 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 24 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 25 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 26 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 27 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 28 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 29 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 30 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 31 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 32 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 33 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 34 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 35 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 36 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 37 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 38 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 39 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 40 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 41 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 42 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 43 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 44 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 45 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.26 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.13 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 14 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 15 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 16 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 17 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 18 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 19 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 20 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 21 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 22 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 23 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 24 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 25 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 26 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 27 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 28 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 29 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 30 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 31 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 32 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 33 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 34 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 35 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 36 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 37 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 38 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 39 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 40 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 41 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 42 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 43 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 44 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 45 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.13 |
|
|
| aliases |
CVE-2026-31828, GHSA-7m6r-fhh7-r47c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gjus-pwzw-qufs |
|
| 39 |
| url |
VCID-gngn-8vy6-bkg7 |
| vulnerability_id |
VCID-gngn-8vy6-bkg7 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. This issue has been patched in versions 8.6.63 and 9.7.0-alpha.7. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34215 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24728 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24923 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.2494 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24927 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34215 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.63 |
| purl |
pkg:npm/parse-server@8.6.63 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 2 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 3 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 4 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 5 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 6 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 7 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 8 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 9 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 10 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 11 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.63 |
|
| 1 |
|
|
| aliases |
CVE-2026-34215, GHSA-wp76-gg32-8258
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gngn-8vy6-bkg7 |
|
| 40 |
| url |
VCID-hbms-u2mt-jyhn |
| vulnerability_id |
VCID-hbms-u2mt-jyhn |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields (`sessionToken`, `expiresAt`, `createdWith`) when creating a session object via `POST /classes/_Session`. This allows bypassing the server's session expiration policy by setting an arbitrary far-future expiration date. It also allows setting a predictable session token value. Starting in version 9.6.0-alpha.17 and 8.6.42, the session creation endpoint filters out server-generated fields from user-supplied data, preventing them from being overwritten. As a workaround, add a `beforeSave` trigger on the `_Session` class to validate and reject or strip any user-supplied values for `sessionToken`, `expiresAt`, and `createdWith`. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32742 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05985 |
| published_at |
2026-06-13T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05978 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05969 |
| published_at |
2026-06-11T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05993 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32742 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.42 |
| purl |
pkg:npm/parse-server@8.6.42 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 4 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 5 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 6 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 7 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 8 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 9 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 10 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 11 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 12 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 13 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 14 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 15 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 16 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 17 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 18 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 19 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 20 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 21 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 22 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 23 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 24 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 25 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 26 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 27 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 28 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 29 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 30 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.42 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.17 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 4 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 5 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 6 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 7 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 8 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 9 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 10 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 11 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 12 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 13 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 14 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 15 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 16 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 17 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 18 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 19 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 20 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 21 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 22 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 23 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 24 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 25 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 26 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 27 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 28 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 29 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 30 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.17 |
|
|
| aliases |
CVE-2026-32742, GHSA-5v7g-9h8f-8pgg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hbms-u2mt-jyhn |
|
| 41 |
| url |
VCID-hh7p-ae88-z3fs |
| vulnerability_id |
VCID-hh7p-ae88-z3fs |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field (including via dot-notation or $regex), the attacker can observe whether LiveQuery events are delivered for matching objects. This creates a boolean oracle that leaks protected field values. The attack affects any class that has both protectedFields configured in Class-Level Permissions and LiveQuery enabled. This vulnerability is fixed in 9.6.0-alpha.9 and 8.6.35. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32098 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16495 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16626 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16641 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00052 |
| scoring_system |
epss |
| scoring_elements |
0.16653 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32098 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.35 |
| purl |
pkg:npm/parse-server@8.6.35 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 22 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 23 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 24 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 25 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 26 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 27 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 28 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 29 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 30 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 31 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 32 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 33 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 34 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 35 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 36 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 37 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.35 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.9 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 22 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 23 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 24 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 25 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 26 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 27 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 28 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 29 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 30 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 31 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 32 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 33 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 34 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 35 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 36 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 37 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.9 |
|
|
| aliases |
CVE-2026-32098, GHSA-j7mm-f4rv-6q6q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hh7p-ae88-z3fs |
|
| 42 |
| url |
VCID-hs5q-jk5r-7ya8 |
| vulnerability_id |
VCID-hs5q-jk5r-7ya8 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects. The sensitive data filter modifies these shared objects in-place, so when one subscriber's filter removes a protected field, subsequent subscribers may receive the already-filtered object. This can cause protected fields and authentication data to leak to clients that should not see them, or cause clients that should see the data to receive an incomplete object. Additionally, when an afterEvent Cloud Code trigger is registered, one subscriber's trigger modifications can leak to other subscribers through the same shared mutable state. Any Parse Server deployment using LiveQuery with protected fields or afterEvent triggers is affected when multiple clients subscribe to the same class. This issue has been patched in versions 8.6.65 and 9.7.0-alpha.9. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34363 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.0685 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06848 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06862 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06874 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34363 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34363, GHSA-m983-v2ff-wq65
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5q-jk5r-7ya8 |
|
| 43 |
| url |
VCID-j3ba-adds-muay |
| vulnerability_id |
VCID-j3ba-adds-muay |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits prototype pollution in the deep copy mechanism. This allows injecting fields into class schemas that have field addition locked down, and can cause permanent schema type conflicts that cannot be resolved even with the master key. In 9.6.0-alpha.20 and 8.6.44, the vulnerable third-party deep copy library has been replaced with a built-in deep clone mechanism that handles prototype properties safely, allowing the existing denylist check to correctly detect and reject the prohibited keyword. No known workarounds are available. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32878 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03622 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03645 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03638 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03631 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32878 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.44 |
| purl |
pkg:npm/parse-server@8.6.44 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 3 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 4 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 5 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 6 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 7 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 8 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 9 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 10 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 11 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 12 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 13 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 14 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 15 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 16 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 17 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 18 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 19 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 20 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 21 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 22 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 23 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 24 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 25 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 26 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 27 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 28 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.44 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.20 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 3 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 4 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 5 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 6 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 7 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 8 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 9 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 10 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 11 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 12 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 13 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 14 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 15 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 16 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 17 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 18 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 19 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 20 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 21 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 22 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 23 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 24 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 25 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 26 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 27 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 28 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.20 |
|
|
| aliases |
CVE-2026-32878, GHSA-9ccr-fpp6-78qf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ba-adds-muay |
|
| 44 |
| url |
VCID-j8xd-t1fd-hyba |
| vulnerability_id |
VCID-j8xd-t1fd-hyba |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter (e.g. [abc) causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerability is exploitable by any client that can send query requests, depending on the deployment's permission configuration. This issue has been patched in versions 8.6.7 and 9.5.0-alpha.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30835 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02847 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02837 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02853 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02844 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30835 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.7 |
| purl |
pkg:npm/parse-server@8.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 19 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 20 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 21 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 22 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 23 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 24 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 25 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 26 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 27 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 28 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 29 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 30 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 31 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 32 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 33 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 34 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 35 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 36 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 37 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 38 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 39 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 40 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 41 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 42 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 43 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 44 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 45 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 46 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 47 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 48 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 49 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 50 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 51 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 52 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 53 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 54 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 55 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 56 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 57 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 58 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 59 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 60 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 61 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 62 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 63 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.7 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.0-alpha.6 |
| purl |
pkg:npm/parse-server@9.5.0-alpha.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-14sg-981y-pbdx |
|
| 3 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 4 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 5 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 33 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 34 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 35 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 36 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 37 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 38 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 39 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 40 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 41 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 42 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 43 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 44 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 45 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 46 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 47 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 48 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 49 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 50 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 51 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 52 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 53 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 54 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 55 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 56 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 57 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 58 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 59 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 60 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 61 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 62 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 63 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 64 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.6 |
|
|
| aliases |
CVE-2026-30835, GHSA-9cp7-3q5w-j92g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j8xd-t1fd-hyba |
|
| 45 |
| url |
VCID-jh6w-1y2k-27de |
| vulnerability_id |
VCID-jh6w-1y2k-27de |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the _GraphQLConfig and _Audience internal classes can be read, modified, and deleted via the generic /classes/_GraphQLConfig and /classes/_Audience REST API routes without master key authentication. This bypasses the master key enforcement that exists on the dedicated /graphql-config and /push_audiences endpoints. An attacker can read, modify and delete GraphQL configuration and push audience data. This vulnerability is fixed in 9.5.2-alpha.12 and 8.6.25. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31800 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00106 |
| scoring_system |
epss |
| scoring_elements |
0.28361 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00106 |
| scoring_system |
epss |
| scoring_elements |
0.2837 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00106 |
| scoring_system |
epss |
| scoring_elements |
0.28346 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00106 |
| scoring_system |
epss |
| scoring_elements |
0.2815 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31800 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.25 |
| purl |
pkg:npm/parse-server@8.6.25 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 14 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 15 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 16 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 17 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 18 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 19 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 20 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 21 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 22 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 23 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 24 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 25 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 26 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 27 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 28 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 29 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 30 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 31 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 32 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 33 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 34 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 35 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 36 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 37 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 38 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 39 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 40 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 41 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 42 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 43 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 44 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 45 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 46 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.25 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.12 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 14 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 15 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 16 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 17 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 18 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 19 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 20 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 21 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 22 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 23 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 24 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 25 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 26 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 27 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 28 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 29 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 30 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 31 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 32 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 33 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 34 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 35 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 36 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 37 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 38 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 39 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 40 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 41 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 42 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 43 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 44 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 45 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 46 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.12 |
|
|
| aliases |
CVE-2026-31800, GHSA-7xg7-rqf6-pw6c
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jh6w-1y2k-27de |
|
| 46 |
| url |
VCID-kgbm-tgkt-nyew |
| vulnerability_id |
VCID-kgbm-tgkt-nyew |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the `apiURL` parameter in `authData`. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. This is fixed in versions 8.6.2 and 9.1.1-alpha.1 by hardcoding the Instagram Graph API URL `https://graph.instagram.com` and ignoring client-provided `apiURL` values. No known workarounds are available. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-68150 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24791 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24807 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24794 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24597 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-68150 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.2 |
| purl |
pkg:npm/parse-server@8.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 33 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 34 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 35 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 36 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 37 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 38 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 39 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 43 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 44 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 45 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 46 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 47 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 48 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 49 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 50 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 51 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 52 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 53 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 54 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 55 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 56 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 57 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 58 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 59 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 60 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 61 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 62 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 63 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 64 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 65 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 66 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 67 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 68 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.2 |
|
| 1 |
| url |
pkg:npm/parse-server@9.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@9.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 1 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 2 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 3 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 4 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 5 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 6 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 7 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 8 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 9 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 10 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 11 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 12 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 13 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 14 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 15 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 16 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 17 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@9.1.1-alpha.1 |
| purl |
pkg:npm/parse-server@9.1.1-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 33 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 34 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 35 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 36 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 37 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 38 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 39 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 43 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 44 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 45 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 46 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 47 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 48 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 49 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 50 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 51 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 52 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 53 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 54 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 55 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 56 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 57 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 58 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 59 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 60 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 61 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 62 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 63 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 64 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 65 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 66 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 67 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 68 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.1.1-alpha.1 |
|
|
| aliases |
CVE-2025-68150, GHSA-3f5f-xgrj-97pf
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgbm-tgkt-nyew |
|
| 47 |
| url |
VCID-ma3z-wh1c-v7c8 |
| vulnerability_id |
VCID-ma3z-wh1c-v7c8 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and 9.5.0-alpha.4, the readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary users with full read and write access to their data. Any Parse Server deployment that uses readOnlyMasterKey is affected. This issue has been patched in versions 8.6.6 and 9.5.0-alpha.4. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30229 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07249 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07248 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07255 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07214 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30229 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.6 |
| purl |
pkg:npm/parse-server@8.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 19 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 20 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 21 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 22 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 23 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 24 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 25 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 26 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 27 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 28 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 29 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 30 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 31 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 32 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 33 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 34 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 35 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 36 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 37 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 38 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 39 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 40 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 41 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 42 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 43 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 44 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 45 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 46 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 47 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 48 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 49 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 50 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 51 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 52 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 53 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 54 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 55 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 56 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 57 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 58 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 59 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 60 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 61 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 62 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 63 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 64 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.6 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.0-alpha.4 |
| purl |
pkg:npm/parse-server@9.5.0-alpha.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-14sg-981y-pbdx |
|
| 3 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 4 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 5 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 33 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 34 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 35 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 36 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 37 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 38 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 39 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 40 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 41 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 42 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 43 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 44 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 45 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 46 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 47 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 48 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 49 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 50 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 51 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 52 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 53 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 54 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 55 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 56 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 57 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 58 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 59 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 60 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 61 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 62 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 63 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 64 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 65 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.4 |
|
|
| aliases |
CVE-2026-30229, GHSA-79wj-8rqv-jvp5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ma3z-wh1c-v7c8 |
|
| 48 |
| url |
VCID-mdgb-p4u1-uud5 |
| vulnerability_id |
VCID-mdgb-p4u1-uud5 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST API. This allows bypassing the server's configured session lifetime policy, making a session effectively permanent. This issue has been patched in versions 8.6.57 and 9.6.0-alpha.48. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.57 |
| purl |
pkg:npm/parse-server@8.6.57 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 10 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 11 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 12 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 13 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 14 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 15 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 16 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.57 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.48 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 10 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 11 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 12 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 13 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 14 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 15 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 16 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.48 |
|
|
| aliases |
CVE-2026-33527, GHSA-jc39-686j-wp6q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mdgb-p4u1-uud5 |
|
| 49 |
| url |
VCID-mm7p-maf1-eyhq |
| vulnerability_id |
VCID-mm7p-maf1-eyhq |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields (expiresAt, createdWith) by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length policies. This issue has been patched in versions 8.6.69 and 9.7.0-alpha.14. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34574 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.1263 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12707 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12722 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12729 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34574 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34574, GHSA-f6j3-w9v3-cq22
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mm7p-maf1-eyhq |
|
| 50 |
| url |
VCID-mxgt-92ep-73fj |
| vulnerability_id |
VCID-mxgt-92ep-73fj |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured providers, each request triggers a full collection scan on the user database. This can be parallelized to saturate database resources. This issue has been patched in versions 8.6.58 and 9.6.0-alpha.52. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33538 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00142 |
| scoring_system |
epss |
| scoring_elements |
0.34156 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00142 |
| scoring_system |
epss |
| scoring_elements |
0.34337 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00142 |
| scoring_system |
epss |
| scoring_elements |
0.34358 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00142 |
| scoring_system |
epss |
| scoring_elements |
0.34333 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33538 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.58 |
| purl |
pkg:npm/parse-server@8.6.58 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 10 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 11 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 12 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 13 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 14 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 15 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.58 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.52 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.52 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 10 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 11 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 12 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 13 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 14 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 15 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.52 |
|
|
| aliases |
CVE-2026-33538, GHSA-g4cf-xj29-wqqr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mxgt-92ep-73fj |
|
| 51 |
| url |
VCID-n4s7-6vvk-skfz |
| vulnerability_id |
VCID-n4s7-6vvk-skfz |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads. A single unauthenticated request can block the Node.js event loop for seconds, denying service to all concurrent users. This only affects deployments that have enabled the requestComplexity.graphQLDepth or requestComplexity.graphQLFields configuration options. This issue has been patched in versions 8.6.68 and 9.7.0-alpha.12. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34573 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05341 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05343 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05353 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05359 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34573 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34573, GHSA-mfj6-6p54-m98c
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n4s7-6vvk-skfz |
|
| 52 |
| url |
VCID-n5mt-eebx-zbcf |
| vulnerability_id |
VCID-n5mt-eebx-zbcf |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions (readUserFields and pointerFields). Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions, regardless of whether the pointer fields on those objects point to the subscribing user. This bypasses the intended read access control, allowing unauthorized access to potentially sensitive data that is correctly restricted via the REST API. This issue has been patched in versions 8.6.53 and 9.6.0-alpha.42. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33421 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01788 |
| published_at |
2026-06-13T12:55:00Z |
|
| 1 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01795 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01781 |
| published_at |
2026-06-11T12:55:00Z |
|
| 3 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01786 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33421 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.53 |
| purl |
pkg:npm/parse-server@8.6.53 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 10 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 11 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 12 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 13 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 14 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 15 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 16 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 17 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.53 |
|
| 1 |
| url |
pkg:npm/parse-server@9.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@9.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 1 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 2 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 3 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 4 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 5 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 6 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 7 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 8 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 9 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 10 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 11 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 12 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 13 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 14 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 15 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 16 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 17 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@9.6.0-alpha.42 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.42 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 10 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 11 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 12 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 13 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 14 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 15 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 16 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 17 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.42 |
|
|
| aliases |
CVE-2026-33421, GHSA-fph2-r4qg-9576
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n5mt-eebx-zbcf |
|
| 53 |
| url |
VCID-nqev-h9w8-pudy |
| vulnerability_id |
VCID-nqev-h9w8-pudy |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.61 and 9.6.0-alpha.55, an authenticated user calling GET /users/me receives unsanitized auth data, including sensitive credentials such as MFA TOTP secrets and recovery codes. The endpoint internally uses master-level authentication for the session query, and the master context leaks through to the user data, bypassing auth adapter sanitization. An attacker who obtains a user's session token can extract MFA secrets to generate valid TOTP codes indefinitely. This issue has been patched in versions 8.6.61 and 9.6.0-alpha.55. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33627 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.12016 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.12088 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.12109 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.12108 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33627 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.61 |
| purl |
pkg:npm/parse-server@8.6.61 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 2 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 3 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 4 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 5 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 6 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 7 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 8 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 9 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 10 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 11 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 12 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.61 |
|
| 1 |
|
|
| aliases |
CVE-2026-33627, GHSA-37mj-c2wf-cx96
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nqev-h9w8-pudy |
|
| 54 |
| url |
VCID-nt51-v9gk-w3e8 |
| vulnerability_id |
VCID-nt51-v9gk-w3e8 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist (e.g., .txt) but with a Content-Type header that differs from the extension (e.g., text/html). The Content-Type is passed to the storage adapter without consistency validation. Storage adapters that store and serve the provided Content-Type (such as S3 or GCS) serve the file with the mismatched Content-Type. The default GridFS adapter is not affected because it derives Content-Type from the filename at serving time. This vulnerability is fixed in 8.6.73 and 9.7.1-alpha.4. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35200 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09965 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.10014 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11654 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11677 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35200 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35200, GHSA-vr5f-2r24-w5hc
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nt51-v9gk-w3e8 |
|
| 55 |
| url |
VCID-pkkz-wwqa-1ufw |
| vulnerability_id |
VCID-pkkz-wwqa-1ufw |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any client using only the application key. No master key is required. An attacker can create, read, update, or delete records in any internal relationship table. Exploiting this allows the attacker to inject themselves into any Parse Role, gaining all permissions associated with that role, including full read, write, and delete access to classes protected by role-based Class-Level Permissions (CLP). Similarly, writing to any such table that backs a Relation field used in a pointerFields CLP bypasses that access control. This vulnerability is fixed in 9.5.2-alpha.7 and 8.6.20. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30966 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20328 |
| published_at |
2026-06-13T12:55:00Z |
|
| 1 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20305 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20308 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20132 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30966 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.20 |
| purl |
pkg:npm/parse-server@8.6.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 14 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 15 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 16 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 17 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 18 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 19 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 20 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 21 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 22 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 23 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 24 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 25 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 26 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 27 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 28 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 29 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 30 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 31 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 32 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 33 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 34 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 35 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 36 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 37 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 38 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 39 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 40 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 41 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 42 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 43 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 44 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 45 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 46 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 47 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 48 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 49 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 50 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.20 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.7 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 14 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 15 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 16 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 17 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 18 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 19 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 20 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 21 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 22 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 23 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 24 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 25 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 26 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 27 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 28 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 29 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 30 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 31 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 32 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 33 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 34 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 35 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 36 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 37 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 38 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 39 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 40 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 41 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 42 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 43 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 44 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 45 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 46 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 47 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 48 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 49 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 50 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.7 |
|
|
| aliases |
CVE-2026-30966, GHSA-5f92-jrq3-28rc
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pkkz-wwqa-1ufw |
|
| 56 |
| url |
VCID-q59u-ywkn-wbfw |
| vulnerability_id |
VCID-q59u-ywkn-wbfw |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. The server becomes completely unresponsive and must be manually restarted. This is a bypass of the fix for CVE-2026-32944. This issue has been patched in versions 8.6.55 and 9.6.0-alpha.44. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06091 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06094 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06105 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06111 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33498 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.55 |
| purl |
pkg:npm/parse-server@8.6.55 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 10 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 11 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 12 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 13 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 14 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 15 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 16 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 17 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.55 |
|
| 1 |
| url |
pkg:npm/parse-server@9.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@9.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 1 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 2 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 3 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 4 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 5 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 6 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 7 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 8 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 9 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 10 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 11 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 12 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 13 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 14 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 15 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 16 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 17 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@9.6.0-alpha.44 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.44 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 10 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 11 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 12 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 13 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 14 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 15 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 16 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 17 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.44 |
|
|
| aliases |
CVE-2026-33498, GHSA-9fjp-q3c4-6w3j
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q59u-ywkn-wbfw |
|
| 57 |
| url |
VCID-qybe-rg1s-6kau |
| vulnerability_id |
VCID-qybe-rg1s-6kau |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation (e.g., stats.counter). The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write requests to the Parse Server REST API can inject arbitrary SQL via a crafted sub-key name containing single quotes, potentially executing commands or reading data from the database, bypassing CLPs and ACLs. Only Postgres deployments are affected. This vulnerability is fixed in 9.6.0-alpha.5 and 8.6.31. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31871 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13399 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13424 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13419 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13311 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31871 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.31 |
| purl |
pkg:npm/parse-server@8.6.31 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 34 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 35 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 36 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 37 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 38 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 39 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 40 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 41 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.31 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.5 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 34 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 35 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 36 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 37 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 38 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 39 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 40 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 41 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.5 |
|
|
| aliases |
CVE-2026-31871, GHSA-gqpp-xgvh-9h7h
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qybe-rg1s-6kau |
|
| 58 |
| url |
VCID-rbax-edn6-d3aw |
| vulnerability_id |
VCID-rbax-edn6-d3aw |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint (GET /files/:appId/metadata/:filename) does not enforce beforeFind / afterFind file triggers. When these triggers are used as access-control gates, the metadata endpoint bypasses them entirely, allowing unauthorized access to file metadata. This issue has been patched in versions 8.6.9 and 9.5.0-alpha.9. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30850 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06191 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06161 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06172 |
| published_at |
2026-06-11T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.0618 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30850 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.9 |
| purl |
pkg:npm/parse-server@8.6.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 19 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 20 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 21 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 22 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 23 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 24 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 25 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 26 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 27 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 28 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 29 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 30 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 31 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 32 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 33 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 34 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 35 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 36 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 37 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 38 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 39 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 40 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 41 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 42 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 43 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 44 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 45 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 46 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 47 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 48 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 49 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 50 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 51 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 52 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 53 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 54 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 55 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 56 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 57 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 58 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 59 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 60 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 61 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.9 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.0-alpha.9 |
| purl |
pkg:npm/parse-server@9.5.0-alpha.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-14sg-981y-pbdx |
|
| 3 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 4 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 5 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 33 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 34 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 35 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 36 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 37 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 38 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 39 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 40 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 41 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 42 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 43 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 44 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 45 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 46 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 47 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 48 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 49 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 50 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 51 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 52 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 53 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 54 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 55 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 56 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 57 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 58 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 59 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 60 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 61 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 62 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.9 |
|
|
| aliases |
CVE-2026-30850, GHSA-hwx8-q9cg-mqmc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rbax-edn6-d3aw |
|
| 59 |
| url |
VCID-rr98-m4bd-dqhf |
| vulnerability_id |
VCID-rr98-m4bd-dqhf |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8, the email verification endpoint (/verificationEmailRequest) returns distinct error responses depending on whether an email address belongs to an existing user, is already verified, or does not exist. An attacker can send requests with different email addresses and observe the error codes to determine which email addresses are registered in the application. This is a user enumeration vulnerability that affects any Parse Server deployment with email verification enabled (verifyUserEmails: true). This vulnerability is fixed in 8.6.34 and 9.6.0-alpha.8. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31901 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.14167 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.14192 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.14195 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.14077 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31901 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.34 |
| purl |
pkg:npm/parse-server@8.6.34 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 34 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 35 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 36 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 37 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 38 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.34 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.8 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 34 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 35 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 36 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 37 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 38 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.8 |
|
|
| aliases |
CVE-2026-31901, GHSA-w54v-hf9p-8856
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rr98-m4bd-dqhf |
|
| 60 |
| url |
VCID-ryzc-v8ju-zbcd |
| vulnerability_id |
VCID-ryzc-v8ju-zbcd |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set (clientId for Google/Apple, appIds for Facebook), JWT verification silently skips audience claim validation. This allows an attacker to use a validly signed JWT issued for a different application to authenticate as any user on the target Parse Server. This issue has been patched in versions 8.6.10 and 9.5.0-alpha.11. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.10 |
| purl |
pkg:npm/parse-server@8.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 19 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 20 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 21 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 22 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 23 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 24 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 25 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 26 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 27 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 28 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 29 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 30 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 31 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 32 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 33 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 34 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 35 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 36 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 37 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 38 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 39 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 40 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 41 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 42 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 43 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 44 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 45 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 46 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 47 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 48 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 49 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 50 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 51 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 52 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 53 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 54 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 55 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 56 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 57 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 58 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 59 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 60 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.10 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.0-alpha.11 |
| purl |
pkg:npm/parse-server@9.5.0-alpha.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 19 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 20 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 21 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 22 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 23 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 24 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 25 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 26 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 27 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 28 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 29 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 30 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 31 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 32 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 33 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 34 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 35 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 36 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 37 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 38 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 39 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 40 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 41 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 42 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 43 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 44 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 45 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 46 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 47 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 48 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 49 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 50 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 51 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 52 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 53 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 54 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 55 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 56 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 57 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 58 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 59 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 60 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.11 |
|
|
| aliases |
CVE-2026-30863, GHSA-x6fw-778m-wr9v
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ryzc-v8ju-zbcd |
|
| 61 |
| url |
VCID-s2mj-yppn-ckaa |
| vulnerability_id |
VCID-s2mj-yppn-ckaa |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier (e.g. anonymous authentication). By sending a crafted login request, the attacker can cause the server to perform a pattern-matching query instead of an exact-match lookup, allowing the attacker to match an existing user and obtain a valid session token for that user's account. Both MongoDB and PostgreSQL database backends are affected. Any Parse Server deployment that allows anonymous authentication (enabled by default) is vulnerable. This vulnerability is fixed in 9.6.0-alpha.12 and 8.6.38. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32248 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27288 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27495 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.2749 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27513 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32248 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.38 |
| purl |
pkg:npm/parse-server@8.6.38 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 17 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 18 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 19 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 20 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 21 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 22 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 23 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 24 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 25 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 26 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 27 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 28 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 29 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 30 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 31 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 32 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 33 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 34 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.38 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.12 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 17 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 18 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 19 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 20 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 21 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 22 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 23 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 24 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 25 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 26 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 27 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 28 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 29 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 30 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 31 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 32 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 33 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 34 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.12 |
|
|
| aliases |
CVE-2026-32248, GHSA-5fw2-8jcv-xh87
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s2mj-yppn-ckaa |
|
| 62 |
| url |
VCID-sj7h-z87x-gfh3 |
| vulnerability_id |
VCID-sj7h-z87x-gfh3 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with `alg: "none"` to log in as any user linked to a Google account, without knowing their credentials. All deployments with Google authentication enabled are affected. The fix in versions 8.6.3 and 9.1.1-alpha.4 hardcodes the expected `RS256` algorithm instead of trusting the JWT header, and replaces the Google adapter's custom key fetcher with `jwks-rsa` which rejects unknown key IDs. As a workaround, dsable Google authentication until upgrading is possible. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-27804 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.12192 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.1212 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.12213 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.12214 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-27804 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.3 |
| purl |
pkg:npm/parse-server@8.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 33 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 34 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 35 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 36 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 37 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 38 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 39 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 43 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 44 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 45 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 46 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 47 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 48 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 49 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 50 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 51 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 52 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 53 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 54 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 55 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 56 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 57 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 58 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 59 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 60 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 61 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 62 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 63 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 64 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 65 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 66 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 67 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.3 |
|
| 1 |
| url |
pkg:npm/parse-server@9.3.1-alpha.4 |
| purl |
pkg:npm/parse-server@9.3.1-alpha.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-14sg-981y-pbdx |
|
| 3 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 4 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 5 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 25 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 26 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 27 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 28 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 29 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 30 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 31 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 32 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 33 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 34 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 35 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 36 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 37 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 38 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 39 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 40 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 41 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 42 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 43 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 44 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 45 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 46 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 47 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 48 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 49 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 50 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 51 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 52 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 53 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 54 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 55 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 56 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 57 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 58 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 59 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 60 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 61 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 62 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 63 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 64 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 65 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 66 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 67 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 68 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.3.1-alpha.4 |
|
|
| aliases |
CVE-2026-27804, GHSA-4q3h-vp4r-prv2
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sj7h-z87x-gfh3 |
|
| 63 |
| url |
VCID-smga-c628-mucb |
| vulnerability_id |
VCID-smga-c628-mucb |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp (authorized party) claim of Keycloak access tokens against the configured client-id. A valid access token issued by the same Keycloak realm for a different client application can be used to authenticate as any user on the Parse Server that uses the Keycloak adapter. This enables cross-application account takeover in multi-client Keycloak realms. All Parse Server deployments that use the Keycloak authentication adapter with a Keycloak realm that has multiple client applications are affected. This vulnerability is fixed in 9.5.2-alpha.5 and 8.6.18. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30949 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14797 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14826 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14828 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14706 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30949 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.18 |
| purl |
pkg:npm/parse-server@8.6.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 14 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 15 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 16 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 17 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 18 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 19 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 20 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 21 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 22 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 23 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 24 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 25 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 26 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 27 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 28 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 29 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 30 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 31 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 32 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 33 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 34 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 35 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 36 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 37 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 38 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 39 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 40 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 41 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 42 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 43 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 44 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 45 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 46 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 47 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 48 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 49 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 50 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 51 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 52 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.18 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.5 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 14 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 15 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 16 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 17 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 18 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 19 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 20 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 21 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 22 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 23 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 24 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 25 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 26 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 27 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 28 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 29 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 30 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 31 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 32 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 33 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 34 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 35 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 36 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 37 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 38 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 39 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 40 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 41 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 42 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 43 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 44 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 45 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 46 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 47 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 48 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 49 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 50 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 51 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 52 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.5 |
|
|
| aliases |
CVE-2026-30949, GHSA-48mh-j4p5-7j9v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-smga-c628-mucb |
|
| 64 |
| url |
VCID-tmz8-ectq-xqh6 |
| vulnerability_id |
VCID-tmz8-ectq-xqh6 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse Server apps. For example, if a user signed up using the same authentication provider in two unrelated Parse Server apps, the credentials stored by one app can be used to authenticate the same user in the other app. Note that this only affects Parse Server apps that specifically use an affected 3rd party authentication provider for user authentication, for example by setting the Parse Server option auth to configure a Parse Server authentication adapter. The fix of this vulnerability requires to upgrade Parse Server to a version that includes the bug fix, as well as upgrade the client app to send a secure payload, which is different from the previous insecure payload. This vulnerability is fixed in 7.5.2 and 8.0.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-30168 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.4149 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41482 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.415 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00195 |
| scoring_system |
epss |
| scoring_elements |
0.41316 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-30168 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@7.5.2 |
| purl |
pkg:npm/parse-server@7.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 18 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 19 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 20 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 21 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 22 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 23 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 24 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 25 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 26 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 27 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 28 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 29 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 30 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 31 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 32 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 33 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 34 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 35 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 36 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 37 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 38 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 39 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 40 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 41 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 42 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 43 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 44 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 45 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 46 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 47 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 48 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 49 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 50 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 51 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 52 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 53 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 54 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 55 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 56 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 57 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 58 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 59 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 60 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 61 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 62 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 63 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 64 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 65 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 66 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 67 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 68 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 69 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 70 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 71 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 72 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.5.2 |
|
| 1 |
| url |
pkg:npm/parse-server@8.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@8.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 25 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 26 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 27 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 28 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 29 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 30 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 31 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 32 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 33 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 34 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 35 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 36 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 37 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 38 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 39 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 40 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 41 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 42 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 43 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 44 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 45 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 46 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 47 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 48 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 49 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 50 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 51 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 52 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 53 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 54 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 55 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 56 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 57 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 58 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 59 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 60 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 61 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 62 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 63 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 64 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 65 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 66 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 67 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 68 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 69 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 70 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@8.0.2 |
| purl |
pkg:npm/parse-server@8.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 18 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 19 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 20 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 21 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 22 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 23 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 24 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 25 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 26 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 27 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 28 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 29 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 30 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 31 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 32 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 33 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 34 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 35 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 36 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 37 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 38 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 39 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 40 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 41 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 42 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 43 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 44 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 45 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 46 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 47 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 48 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 49 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 50 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 51 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 52 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 53 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 54 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 55 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 56 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 57 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 58 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 59 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 60 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 61 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 62 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 63 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 64 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 65 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 66 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 67 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 68 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 69 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 70 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 71 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 72 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 73 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.0.2 |
|
|
| aliases |
CVE-2025-30168, GHSA-837q-jhwx-cmpv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tmz8-ectq-xqh6 |
|
| 65 |
| url |
VCID-tuts-aegs-r7e7 |
| vulnerability_id |
VCID-tuts-aegs-r7e7 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrades or disrupts service availability. This issue has been patched in versions 8.6.56 and 9.6.0-alpha.45. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33508 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20667 |
| published_at |
2026-06-13T12:55:00Z |
|
| 1 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20646 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20468 |
| published_at |
2026-06-11T12:55:00Z |
|
| 3 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20645 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33508 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.56 |
| purl |
pkg:npm/parse-server@8.6.56 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 10 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 11 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 12 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 13 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 14 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 15 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 16 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 17 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.56 |
|
| 1 |
| url |
pkg:npm/parse-server@9.0.0-alpha.1 |
| purl |
pkg:npm/parse-server@9.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 1 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 2 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 3 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 4 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 5 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 6 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 7 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 8 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 9 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 10 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 11 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 12 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 13 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 14 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 15 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 16 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 17 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.0.0-alpha.1 |
|
| 2 |
| url |
pkg:npm/parse-server@9.6.0-alpha.45 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.45 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 10 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 11 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 12 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 13 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 14 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 15 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 16 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 17 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.45 |
|
|
| aliases |
CVE-2026-33508, GHSA-6qh5-m6g3-xhq6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tuts-aegs-r7e7 |
|
| 66 |
| url |
VCID-u6cq-nd7b-vucm |
| vulnerability_id |
VCID-u6cq-nd7b-vucm |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured pagesPath directory. The boundary check uses a string prefix comparison without enforcing a directory separator boundary. An attacker can use path traversal sequences to access files in sibling directories whose names share the same prefix as the pages directory (e.g. pages-secret starts with pages). This issue has been patched in versions 8.6.8 and 9.5.0-alpha.8. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30848 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06485 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06454 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06473 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06466 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30848 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.8 |
| purl |
pkg:npm/parse-server@8.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 17 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 18 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 19 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 20 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 21 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 22 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 23 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 24 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 25 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 26 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 27 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 28 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 29 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 30 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 31 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 32 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 33 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 34 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 35 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 36 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 37 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 38 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 39 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 40 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 41 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 42 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 43 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 44 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 45 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 46 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 47 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 48 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 49 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 50 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 51 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 52 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 53 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 54 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 55 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 56 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 57 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 58 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 59 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 60 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 61 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 62 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.8 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.0-alpha.8 |
| purl |
pkg:npm/parse-server@9.5.0-alpha.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-14sg-981y-pbdx |
|
| 3 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 4 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 5 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 18 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 19 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 20 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 21 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 22 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 23 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 24 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 25 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 26 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 27 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 28 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 29 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 30 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 31 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 32 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 33 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 34 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 35 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 36 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 37 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 38 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 39 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 40 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 41 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 42 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 43 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 44 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 45 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 46 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 47 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 48 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 49 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 50 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 51 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 52 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 53 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 54 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 55 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 56 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 57 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 58 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 59 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 60 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 61 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 62 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 63 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.0-alpha.8 |
|
|
| aliases |
CVE-2026-30848, GHSA-hm3f-q6rw-m6wh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u6cq-nd7b-vucm |
|
| 67 |
| url |
VCID-vmwk-3myb-u7ds |
| vulnerability_id |
VCID-vmwk-3myb-u7ds |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFind(Parse.File) trigger and its validators on storage adapters that support streaming (e.g. the default GridFS adapter). This allows access to files that should be protected by afterFind trigger authorization logic or built-in validators such as requireUser. This issue has been patched in versions 8.6.71 and 9.7.1-alpha.1. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-34784, GHSA-hpm8-9qx6-jvwv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vmwk-3myb-u7ds |
|
| 68 |
| url |
VCID-w175-44z9-c3h5 |
| vulnerability_id |
VCID-w175-44z9-c3h5 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-factor authentication (MFA) via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recovery code to be used an unlimited number of times. This defeats the single-use design of recovery codes and weakens the security of MFA-protected accounts. An attacker who obtains a single recovery code can repeatedly authenticate as the affected user without the code ever being invalidated. This vulnerability is fixed in 9.6.0-alpha.7 and 8.6.33. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31875 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00139 |
| scoring_system |
epss |
| scoring_elements |
0.33864 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00139 |
| scoring_system |
epss |
| scoring_elements |
0.33889 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00139 |
| scoring_system |
epss |
| scoring_elements |
0.33867 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00139 |
| scoring_system |
epss |
| scoring_elements |
0.33687 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31875 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.33 |
| purl |
pkg:npm/parse-server@8.6.33 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 34 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 35 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 36 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 37 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 38 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 39 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.33 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.7 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 34 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 35 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 36 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 37 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 38 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 39 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.7 |
|
|
| aliases |
CVE-2026-31875, GHSA-4hf6-3x24-c9m8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w175-44z9-c3h5 |
|
| 69 |
| url |
VCID-wqxc-qnu8-q7d7 |
| vulnerability_id |
VCID-wqxc-qnu8-q7d7 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.59 and 9.6.0-alpha.53, an attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters into field name parameters of the aggregate $group pipeline stage or the distinct operation. This allows privilege escalation from Parse Server application-level administrator to PostgreSQL database-level access. Only Parse Server deployments using PostgreSQL are affected. MongoDB deployments are not affected. This issue has been patched in versions 8.6.59 and 9.6.0-alpha.53. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33539 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07139 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07161 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07172 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07166 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33539 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.59 |
| purl |
pkg:npm/parse-server@8.6.59 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 10 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 11 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 12 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 13 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 14 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.59 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.53 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.53 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 1 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 2 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 3 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 4 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 5 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 6 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 7 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 8 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 9 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 10 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 11 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 12 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 13 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 14 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.53 |
|
|
| aliases |
CVE-2026-33539, GHSA-p2w6-rmh7-w8q3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wqxc-qnu8-q7d7 |
|
| 70 |
| url |
VCID-wrzy-ar2d-kfe3 |
| vulnerability_id |
VCID-wrzy-ar2d-kfe3 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39309 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03791 |
| scoring_system |
epss |
| scoring_elements |
0.88385 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.03791 |
| scoring_system |
epss |
| scoring_elements |
0.88341 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.03791 |
| scoring_system |
epss |
| scoring_elements |
0.8838 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.03791 |
| scoring_system |
epss |
| scoring_elements |
0.88386 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39309 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@6.5.7 |
| purl |
pkg:npm/parse-server@6.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 2 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bd2p-eg4j-mfgq |
|
| 19 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 20 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 21 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 22 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 23 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 24 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 25 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 26 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 27 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 28 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 29 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 30 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 31 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 32 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 33 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 34 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 35 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 36 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 37 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 38 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 39 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 40 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 41 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 42 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 43 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 44 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 45 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 46 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 47 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 48 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 49 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 50 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 51 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 52 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 53 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 54 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 55 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 56 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 57 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 58 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 59 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 60 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 61 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 62 |
| vulnerability |
VCID-tmz8-ectq-xqh6 |
|
| 63 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 64 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 65 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 66 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 67 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 68 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 69 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 70 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 71 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 72 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 73 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@6.5.7 |
|
| 1 |
| url |
pkg:npm/parse-server@7.1.0 |
| purl |
pkg:npm/parse-server@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2f17-a4kr-r7du |
|
| 6 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 7 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 8 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 9 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 10 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 11 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 12 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 13 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 14 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 15 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 16 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 17 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 18 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 19 |
| vulnerability |
VCID-bd2p-eg4j-mfgq |
|
| 20 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 21 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 22 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 23 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 24 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 25 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 26 |
| vulnerability |
VCID-czsu-zebt-puhd |
|
| 27 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 28 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 29 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 30 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 31 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 32 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 33 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 34 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 35 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 36 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 37 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 38 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 39 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 40 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 41 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 42 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 43 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 44 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 45 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 46 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 47 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 48 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 49 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 50 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 51 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 52 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 53 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 54 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 55 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 56 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 57 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 58 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 59 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 60 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 61 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 62 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 63 |
| vulnerability |
VCID-tmz8-ectq-xqh6 |
|
| 64 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 65 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 66 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 67 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 68 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 69 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 70 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 71 |
| vulnerability |
VCID-xtz1-mhr3-mkah |
|
| 72 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 73 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 74 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@7.1.0 |
|
|
| aliases |
CVE-2024-39309, GHSA-c2hr-cqg6-8j6r
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wrzy-ar2d-kfe3 |
|
| 71 |
| url |
VCID-wtbe-kc8y-77dk |
| vulnerability_id |
VCID-wtbe-kc8y-77dk |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspection endpoint, but does not verify that the token belongs to the user identified by authData.id. An attacker with any valid OAuth2 token from the same provider can authenticate as any other user. This affects any Parse Server deployment that uses the generic OAuth2 authentication adapter (configured with oauth2: true) without setting the useridField option. This vulnerability is fixed in 9.5.2-alpha.9. and 8.6.22. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.22 |
| purl |
pkg:npm/parse-server@8.6.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 14 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 15 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 16 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 17 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 18 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 19 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 20 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 21 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 22 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 23 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 24 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 25 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 26 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 27 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 28 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 29 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 30 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 31 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 32 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 33 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 34 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 35 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 36 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 37 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 38 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 39 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 40 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 41 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 42 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 43 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 44 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 45 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 46 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 47 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 48 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.22 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.9 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 8 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 9 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 10 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 11 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 12 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 13 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 14 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 15 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 16 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 17 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 18 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 19 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 20 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 21 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 22 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 23 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 24 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 25 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 26 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 27 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 28 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 29 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 30 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 31 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 32 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 33 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 34 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 35 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 36 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 37 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 38 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 39 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 40 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 41 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 42 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 43 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 44 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 45 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 46 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 47 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 48 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.9 |
|
|
| aliases |
CVE-2026-30967, GHSA-fr88-w35c-r596
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wtbe-kc8y-77dk |
|
| 72 |
| url |
VCID-xrz4-1vpd-2qeg |
| vulnerability_id |
VCID-xrz4-1vpd-2qeg |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission (CLP) can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This affects both MongoDB and PostgreSQL deployments. This vulnerability is fixed in 9.6.0-alpha.6 and 8.6.32. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31872 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15691 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15723 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15709 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.1557 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31872 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.32 |
| purl |
pkg:npm/parse-server@8.6.32 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 34 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 35 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 36 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 37 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 38 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 39 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 40 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.32 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.6 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 17 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 18 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 19 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 20 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 21 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 22 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 23 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 24 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 25 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 26 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 27 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 28 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 29 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 30 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 31 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 32 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 33 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 34 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 35 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 36 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 37 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 38 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 39 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 40 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.6 |
|
|
| aliases |
CVE-2026-31872, GHSA-r2m8-pxm9-9c4g
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xrz4-1vpd-2qeg |
|
| 73 |
| url |
VCID-xtz1-mhr3-mkah |
| vulnerability_id |
VCID-xtz1-mhr3-mkah |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB `explain()` method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha.5, Parse Server permits any client to execute explain queries without requiring the master key. This exposes database schema structure and field names, index configurations and query optimization details, query execution statistics and performance metrics, and potential attack vectors for database performance exploitation. In version 8.5.0-alpha.5, a new `databaseOptions.allowPublicExplain` configuration option has been introduced that allows to restrict `explain` queries to the master key. The option defaults to `true` for now to avoid a breaking change in production systems that depends on public `explain` availability. In addition, a security warning is logged when the option is not explicitly set, or set to `true`. In a future major release of Parse Server, the default will change to `false`. As a workaround, implement middleware to block explain queries from non-master-key requests, or monitor and alert on explain query usage in production environments. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64502 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30525 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30539 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30519 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00118 |
| scoring_system |
epss |
| scoring_elements |
0.30324 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64502 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.5.0-alpha.5 |
| purl |
pkg:npm/parse-server@8.5.0-alpha.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-22pk-5s6t-ufaw |
|
| 4 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 5 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 6 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 7 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 8 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 9 |
| vulnerability |
VCID-2t98-yfws-zfgn |
|
| 10 |
| vulnerability |
VCID-383v-s4c7-6bfu |
|
| 11 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 12 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 13 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 14 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 15 |
| vulnerability |
VCID-8cct-wkqq-nqdm |
|
| 16 |
| vulnerability |
VCID-9vdy-2u7g-w3cz |
|
| 17 |
| vulnerability |
VCID-anju-zz89-sfad |
|
| 18 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 19 |
| vulnerability |
VCID-brgs-d2uu-a7bt |
|
| 20 |
| vulnerability |
VCID-bzw6-4m1j-6fe2 |
|
| 21 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 22 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 23 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 24 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 25 |
| vulnerability |
VCID-dmkx-64cw-67ae |
|
| 26 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 27 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 28 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 29 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 30 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 31 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 32 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 33 |
| vulnerability |
VCID-gdee-x759-bbg9 |
|
| 34 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 35 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 36 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 37 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 38 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 39 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 40 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 41 |
| vulnerability |
VCID-j8xd-t1fd-hyba |
|
| 42 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 43 |
| vulnerability |
VCID-kgbm-tgkt-nyew |
|
| 44 |
| vulnerability |
VCID-ma3z-wh1c-v7c8 |
|
| 45 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 46 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 47 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 48 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 49 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 50 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 51 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 52 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 53 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 54 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 55 |
| vulnerability |
VCID-rbax-edn6-d3aw |
|
| 56 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 57 |
| vulnerability |
VCID-ryzc-v8ju-zbcd |
|
| 58 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 59 |
| vulnerability |
VCID-sj7h-z87x-gfh3 |
|
| 60 |
| vulnerability |
VCID-smga-c628-mucb |
|
| 61 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 62 |
| vulnerability |
VCID-u6cq-nd7b-vucm |
|
| 63 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 64 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 65 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 66 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 67 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 68 |
| vulnerability |
VCID-yup6-6p9f-n7bu |
|
| 69 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 70 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.5.0-alpha.5 |
|
|
| aliases |
CVE-2025-64502, GHSA-7cx5-254x-cgrq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xtz1-mhr3-mkah |
|
| 74 |
| url |
VCID-yup6-6p9f-n7bu |
| vulnerability_id |
VCID-yup6-6p9f-n7bu |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed entirely. This allows any authenticated user to query on protected fields to extract field values. All Parse Server deployments have default protected fields and are vulnerable. This vulnerability is fixed in 9.5.2-alpha.6 and 8.6.19. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30962 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14679 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14706 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14709 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14588 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30962 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.19 |
| purl |
pkg:npm/parse-server@8.6.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 14 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 15 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 16 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 17 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 18 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 19 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 20 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 21 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 22 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 23 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 24 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 25 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 26 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 27 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 28 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 29 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 30 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 31 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 32 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 33 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 34 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 35 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 36 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 37 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 38 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 39 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 40 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 41 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 42 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 43 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 44 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 45 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 46 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 47 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 48 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 49 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 50 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 51 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.19 |
|
| 1 |
| url |
pkg:npm/parse-server@9.5.2-alpha.6 |
| purl |
pkg:npm/parse-server@9.5.2-alpha.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-262h-v1yd-tfc9 |
|
| 4 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 5 |
| vulnerability |
VCID-2qbc-paq8-2fgn |
|
| 6 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 7 |
| vulnerability |
VCID-2syy-yyte-nug4 |
|
| 8 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 9 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 10 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 11 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 12 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 13 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 14 |
| vulnerability |
VCID-caj3-ujpk-hba5 |
|
| 15 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 16 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 17 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 18 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 19 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 20 |
| vulnerability |
VCID-ee1t-31wz-ufbw |
|
| 21 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 22 |
| vulnerability |
VCID-fdqv-3n6r-2fgb |
|
| 23 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 24 |
| vulnerability |
VCID-gjus-pwzw-qufs |
|
| 25 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 26 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 27 |
| vulnerability |
VCID-hh7p-ae88-z3fs |
|
| 28 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 29 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 30 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 31 |
| vulnerability |
VCID-jh6w-1y2k-27de |
|
| 32 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 33 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 34 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 35 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 36 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 37 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 38 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 39 |
| vulnerability |
VCID-pkkz-wwqa-1ufw |
|
| 40 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 41 |
| vulnerability |
VCID-qybe-rg1s-6kau |
|
| 42 |
| vulnerability |
VCID-rr98-m4bd-dqhf |
|
| 43 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 44 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 45 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 46 |
| vulnerability |
VCID-w175-44z9-c3h5 |
|
| 47 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 48 |
| vulnerability |
VCID-wtbe-kc8y-77dk |
|
| 49 |
| vulnerability |
VCID-xrz4-1vpd-2qeg |
|
| 50 |
| vulnerability |
VCID-zrvb-y7f6-ykby |
|
| 51 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.5.2-alpha.6 |
|
|
| aliases |
CVE-2026-30962, GHSA-72hp-qff8-4pvv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yup6-6p9f-n7bu |
|
| 75 |
| url |
VCID-zrvb-y7f6-ykby |
| vulnerability_id |
VCID-zrvb-y7f6-ykby |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37, Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute using another provider's configuration, potentially allowing a token that should be rejected by one provider to be accepted because it is validated against a different provider's policy. Deployments that configure multiple OAuth2 providers via the oauth2: true flag are affected. This vulnerability is fixed in 9.6.0-alpha.11 and 8.6.37. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:npm/parse-server@8.6.37 |
| purl |
pkg:npm/parse-server@8.6.37 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 17 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 18 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 19 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 20 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 21 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 22 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 23 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 24 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 25 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 26 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 27 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 28 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 29 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 30 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 31 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 32 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 33 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 34 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 35 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@8.6.37 |
|
| 1 |
| url |
pkg:npm/parse-server@9.6.0-alpha.11 |
| purl |
pkg:npm/parse-server@9.6.0-alpha.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13fb-z2vs-83hu |
|
| 1 |
| vulnerability |
VCID-14fp-bjdd-uffh |
|
| 2 |
| vulnerability |
VCID-1y9a-gb1j-ufdu |
|
| 3 |
| vulnerability |
VCID-2fzy-ajnc-fbf9 |
|
| 4 |
| vulnerability |
VCID-2rxm-qxur-9ygu |
|
| 5 |
| vulnerability |
VCID-49m3-j488-yqes |
|
| 6 |
| vulnerability |
VCID-53r7-9knw-u7bd |
|
| 7 |
| vulnerability |
VCID-5bbt-8378-17d1 |
|
| 8 |
| vulnerability |
VCID-7jbf-hw56-9bcx |
|
| 9 |
| vulnerability |
VCID-bpp2-r2wr-vkf6 |
|
| 10 |
| vulnerability |
VCID-ca2c-skt8-mqau |
|
| 11 |
| vulnerability |
VCID-cbrh-vg1p-3ua7 |
|
| 12 |
| vulnerability |
VCID-dhkw-d15h-rkb5 |
|
| 13 |
| vulnerability |
VCID-dyd6-6yy1-hyhn |
|
| 14 |
| vulnerability |
VCID-e7pg-sdu5-mkhh |
|
| 15 |
| vulnerability |
VCID-e84c-36en-wqaa |
|
| 16 |
| vulnerability |
VCID-evdb-d9ew-pbfq |
|
| 17 |
| vulnerability |
VCID-g9b7-r5ry-mybm |
|
| 18 |
| vulnerability |
VCID-gngn-8vy6-bkg7 |
|
| 19 |
| vulnerability |
VCID-hbms-u2mt-jyhn |
|
| 20 |
| vulnerability |
VCID-hs5q-jk5r-7ya8 |
|
| 21 |
| vulnerability |
VCID-j3ba-adds-muay |
|
| 22 |
| vulnerability |
VCID-j6sw-ak9p-nyhc |
|
| 23 |
| vulnerability |
VCID-mdgb-p4u1-uud5 |
|
| 24 |
| vulnerability |
VCID-mm7p-maf1-eyhq |
|
| 25 |
| vulnerability |
VCID-mxgt-92ep-73fj |
|
| 26 |
| vulnerability |
VCID-n4s7-6vvk-skfz |
|
| 27 |
| vulnerability |
VCID-n5mt-eebx-zbcf |
|
| 28 |
| vulnerability |
VCID-nqev-h9w8-pudy |
|
| 29 |
| vulnerability |
VCID-nt51-v9gk-w3e8 |
|
| 30 |
| vulnerability |
VCID-q59u-ywkn-wbfw |
|
| 31 |
| vulnerability |
VCID-s2mj-yppn-ckaa |
|
| 32 |
| vulnerability |
VCID-tuts-aegs-r7e7 |
|
| 33 |
| vulnerability |
VCID-vmwk-3myb-u7ds |
|
| 34 |
| vulnerability |
VCID-wqxc-qnu8-q7d7 |
|
| 35 |
| vulnerability |
VCID-zx4t-zth8-7fe5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/parse-server@9.6.0-alpha.11 |
|
|
| aliases |
CVE-2026-32242, GHSA-2cjm-2gwv-m892
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zrvb-y7f6-ykby |
|
| 76 |
| url |
VCID-zx4t-zth8-7fe5 |
| vulnerability_id |
VCID-zx4t-zth8-7fe5 |
| summary |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud Function handler is declared using the function keyword and its validator is a plain object or arrow function, the trigger store traversal resolves the handler through its own prototype chain while the validator store fails to mirror this traversal, causing all access control enforcement to be skipped. This allows unauthenticated callers to invoke Cloud Functions that are meant to be protected by validators such as requireUser, requireMaster, or custom validation logic. This issue has been patched in versions 8.6.67 and 9.7.0-alpha.11. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34532 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13654 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13742 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13772 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13771 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34532 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34532, GHSA-vpj2-qq7w-5qq6
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zx4t-zth8-7fe5 |
|