Search for packages
| purl | pkg:npm/parse-server@4.0.0 |
| Tags | Ghost |
| Next non-vulnerable version | 8.6.76 |
| Latest non-vulnerable version | 9.9.1-alpha.2 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2sjs-7xx9-g3ej
Aliases: CVE-2020-5251 GHSA-h4mf-75hf-67w4 |
Incorrect Authorization In parser-server, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on `sessionToken` and find valid accounts this way. |
Affected by 99 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-e17g-g7qf-87fm
Aliases: GHSA-593v-wcqx-hq2w GMS-2021-186 |
Incorrect version tags linked to external repository A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. |
Affected by 95 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 95 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-07T20:47:20.695766+00:00 | GHSA Importer | Affected by | VCID-e17g-g7qf-87fm | https://github.com/advisories/GHSA-593v-wcqx-hq2w | 38.6.0 |
| 2026-06-05T21:11:15.830011+00:00 | GHSA Importer | Affected by | VCID-2sjs-7xx9-g3ej | https://github.com/advisories/GHSA-h4mf-75hf-67w4 | 38.6.0 |
| 2026-06-02T04:39:59.685938+00:00 | GitLab Importer | Affected by | VCID-e17g-g7qf-87fm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/parse-server/GMS-2021-186.yml | 38.6.0 |