BIT-PARSE-2026-30863 Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is...

GHSA-R657-33VP-GP22 parse-server auth adapter app ID validation can be circumvented

Impact Validation of the authentication adapter app ID for Facebook and Spotify may be circumvented. This fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for Facebook or Spotify and where the server-side...

PT-2022-24827 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.16 Parse Server versions 5.0.0 through 5.2.6 Description: The issue concerns the validation of the authentication adapter app ID for Facebook and Spotify. In affected configurations, where the appIds is set...