Security: parse-community/parse-server
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Custom object ID allows to acquire role privileges (GHSA-8xq9-g7ch-35hg), published Oct 4, 2024 by mtrezza. Severity: Critical
- ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability (GHSA-c2hr-cqg6-8j6r), published Jun 30, 2024 by mtrezza. Severity: Critical
- Server crash when uploading file without extension (GHSA-792q-q67h-w579), published Oct 20, 2023 by mtrezza. Severity: High
- Parse Pointer allows to access internal Parse Server classes and circumvent `beforeFind` query trigger (GHSA-fcv6-fg5r-jm9q), published Sep 4, 2023 by mtrezza. Severity: High
- ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection (GHSA-6927-3vr9-fxf2), published Mar 1, 2024 by mtrezza. Severity: Critical
- Server crashes on invalid Cloud Function or Cloud Job name (GHSA-6hh7-46r2-vf29), published Mar 19, 2024 by mtrezza. Severity: Critical
- ZDI-CAN-19904: Remote code execution via MongoDB BSON parser through prototype pollution (GHSA-462x-c3jw-7vr6), published Jun 28, 2023 by mtrezza. Severity: Critical
- ZDI-CAN-18806: Prototype pollution via Cloud Code Webhooks (GHSA-93vw-8fm5-p2jf), published Nov 9, 2022 by mtrezza. Severity: High
- ZDI-CAN-18750: Prototype pollution via Cloud Code Webhooks or Cloud Code Triggers (GHSA-xprv-wvh7-qqqx), published Nov 9, 2022 by mtrezza. Severity: High
- ZDI-CAN-18358: Remote code execution via MongoDB BSON parser through prototype pollution (GHSA-prm5-8g2m-24gg), published Nov 8, 2022 by mtrezza. Severity: Critical