CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

5.3CVSS6AI score0.00814EPSS

Exploits0References4

RedhatCVE•added 2025/07/12 3:24 p.m.•9 views

CVE-2025-53364

5.3CVSS7AI score0.00814EPSS

Exploits0References1

vulnersOsv•added 2025/07/10 4:50 p.m.•6 views

@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-53364 via parse-server (>=5.6.0 <=6.5.11)

parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-53364 Source advisory: OSV:GHSA-48Q3-PRGV-GM4W...

5.3CVSS5.8AI score0.00814EPSS

Exploits0

Github Security Blog•added 2025/07/10 4:50 p.m.•12 views

Parse Server exposes the data schema via GraphQL API

Impact The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches The issue has...

5.3CVSS7.2AI score0.00814EPSS

Exploits0References5Affected Software1

OSV•added 2025/07/10 4:50 p.m.•5 views

GHSA-48Q3-PRGV-GM4W Parse Server exposes the data schema via GraphQL API

5.3CVSS6.6AI score0.00814EPSS

Exploits0References5

NVD•added 2025/07/10 4:15 p.m.•27 views

CVE-2025-53364

5.3CVSS0.00814EPSS

Exploits0References3

Vulnrichment•added 2025/07/10 3:18 p.m.•4 views

CVE-2025-53364 Parse Server exposes the data schema via GraphQL API

5.3CVSS6.9AI score0.00814EPSS

Exploits0References3

Cvelist•added 2025/07/10 3:18 p.m.•27 views

CVE-2025-53364 Parse Server exposes the data schema via GraphQL API

5.3CVSS0.00814EPSS

Exploits0References3

OSV•added 2025/07/10 3:18 p.m.•14 views

CVE-2025-53364 Parse Server exposes the data schema via GraphQL API

5.3CVSS6.4AI score0.00814EPSS

Exploits0References5

CVE•added 2025/07/10 3:18 p.m.•43 views

CVE-2025-53364

Summary (Parse Server - GraphQL Schema Information Disclosure, CVE-2025-53364) The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. This could expose API structure metadata (not actual data), potentially increasin...

5.3CVSS6.2AI score0.00814EPSS

In wildExploits0References3

CNNVD•added 2025/07/10 12:0 a.m.•4 views

Parse Server 安全漏洞

Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.3.0 through 7.5.3 and prior to 8.2.2, which stems from the GraphQL API not validating a sessi...

5.3CVSS6.4AI score0.00814EPSS

Exploits0References4

Positive Technologies•added 2025/07/10 12:0 a.m.•4 views

PT-2025-29105 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions 5.3.0 through 7.5.3 Parse Server version 8.2.2 Description: Parse Server’s GraphQL API allowed public access to the GraphQL schema without requiring a session token or the master key in versions 5.3.0 through 7.5.3 and...

5.3CVSS6.2AI score0.00814EPSS

Exploits0References10

vulnersOsv•added 2025/06/12 6:31 p.m.•4 views

@0x18b2ee/parse-server (>=3.10.1 <=3.11.0), @514labs/aurora-mcp (>=0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939 <=0.0.64) +408 more potentially affected by CVE-2025-29744 via pg-promise (>=0.9.8 <=11.5.4)

pg-promise NPM version =0.9.8, =3.10.1, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.0, =1.1.2, =0.0.2, =0.0.3, =0.1.1, =9.3.8, =2.13.15, =2.0.0, =1.1.152, =1.0.1, =1.0.5, =1.0.10 and more Source cves: CVE-2025-29744 Source advisory: OSV:GHSA-FF9H-848C-4XFJ...

5.4CVSS5.4AI score0.00193EPSS

Exploits1

RedhatCVE•added 2025/05/23 8:55 a.m.•5 views

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

9CVSS7.6AI score0.01188EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:10 a.m.•5 views

CVE-2023-32688

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

7.5CVSS6.8AI score0.009EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:45 a.m.•6 views

CVE-2023-22474

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...

8.7CVSS6.6AI score0.00664EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:44 a.m.•8 views

CVE-2023-41058

Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...

7.5CVSS7.1AI score0.00623EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by