GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Parse Server's GraphQL WebSocket endpoint bypasses security middleware
Moderate
CVE-2026-32594
was published
for
parse-server
(npm)
Mar 13, 2026
Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint
Moderate
CVE-2026-32269
was published
for
parse-server
(npm)
Mar 13, 2026
Parse Server: Account takeover via operator injection in authentication data identifier
Critical
CVE-2026-32248
was published
for
parse-server
(npm)
Mar 12, 2026
Parse Server's OAuth2 adapter shares mutable state across providers via singleton instance
Critical
CVE-2026-32242
was published
for
parse-server
(npm)
Mar 12, 2026
Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Moderate
CVE-2026-30854
was published
for
parse-server
(npm)
Mar 9, 2026
Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization
Moderate
CVE-2026-30850
was published
for
parse-server
(npm)
Mar 9, 2026
Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Moderate
CVE-2026-30848
was published
for
parse-server
(npm)
Mar 9, 2026
parse-server: Malformed `$regex` query leaks database error details in API response
Moderate
CVE-2026-30835
was published
for
parse-server
(npm)
Mar 6, 2026
ProTip!
Advisories are also available from the
GraphQL API