258 matches found
CVE-2025-53364
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
Parse Server exposes the data schema via GraphQL API
Impact The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches The issue has...
GHSA-48Q3-PRGV-GM4W Parse Server exposes the data schema via GraphQL API
Impact The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches The issue has...
CVE-2025-53364
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364
Summary (Parse Server - GraphQL Schema Information Disclosure, CVE-2025-53364) The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. This could expose API structure metadata (not actual data), potentially increasin...
CVE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
PT-2025-29105 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions 5.3.0 through 7.5.3 Parse Server version 8.2.2 Description: Parse Server’s GraphQL API allowed public access to the GraphQL schema without requiring a session token or the master key in versions 5.3.0 through 7.5.3 and...
LinkedIn: Improper Access Control - Access to "Active Hiring" (Premium feature) filter results
An access control vulnerability was identified in LinkedIn's people search functionality that allowed unauthorized access to premium "Active Hiring" filter results. The vulnerability was found in the GraphQL API endpoint where premium feature restrictions were not properly enforced, allowing user...
The vulnerability of the GraphQL API interface of the software platform based on git for collaborative code development on GitLab allows a hacker to trigger a service failure.
The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to unlimited resource distribution. Exploiting this vulnerability allows an attacker, operating remotely, to cause service failures by sending specially craft...
The vulnerability of the GraphQL API interface of the software platform based on git for collaborative code development on GitLab allows attackers to circumvent security restrictions and gain increased privileges.
The vulnerability of the GraphQL API interface of a software platform based on Git for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass security restrictions and enhance their privileges b...
BIT-GITLAB-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...
CVE-2024-4994
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...
CVE-2024-4994
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...
CVE-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...
CVE-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...
CVE-2024-4994
Removed by vendor...
CVE-2024-4994 Cross-Site Request Forgery (CSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...
GraphQL Query Length Not Limited
GraphQL is an open-source query and manipulation language for APIs. When a GraphQL API does not enforce limits on query length or complexity, attackers can submit extremely large and complex queries that consume excessive server resources, potentially causing denial of service conditions. No sour...