Parse Server 资源管理错误漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.58 and 9.6.0-alpha.52 contain a resource management vulnerability. This vulnerability stems from an unauthenticated attacker...

Parse Server 信息泄露漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.61 and 9.6.0-alpha.55 contain a vulnerability known as information leakage. This vulnerability stems from the GET /users/me...

PT-2026-27483

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.58 Parse Server versions prior to 9.6.0-alpha.52 Description An unauthenticated attacker can cause a denial of service by sending authentication requests with arbitrary, unconfigured provider names. The serve...

PT-2026-27486

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.61 Parse Server versions prior to 9.6.0-alpha.55 Description Parse Server is an open source backend deployable on Node.js infrastructures. An authenticated user calling the GET /users/me API endpoint receives...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.56 and 9.6.0-alpha.45. These vulnerabilities stemmed from the LiveQuery component no...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.60 and 9.6.0-alpha.54. These vulnerabilities stemmed from the ability for MFA recovery...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.57 and 9.6.0-alpha.48. These vulnerabilities stemmed from the fact that authenticate...

Parse Server 授权问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were authorization-related vulnerabilities in versions of Parse Server prior to 8.6.52 and 9.6.0-alpha.41. These vulnerabilities stemmed from authentication...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.53 and 9.6.0-alpha.42. These vulnerabilities stemmed from the LiveQuery WebSocket...

PT-2026-27485

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.60 Parse Server versions prior to 9.6.0-alpha.54 Description An attacker with a user's password and a valid multi-factor authentication MFA recovery code can reuse the recovery code an unlimited number of tim...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.51 and 9.6.0-alpha.40. These vulnerabilities stemmed from the re-rendering of email...

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.59 and 9.6.0-alpha.53 contain a SQL injection vulnerability. This vulnerability arises from the ability of attackers to inject...

PT-2026-27484

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.59 Parse Server versions prior to 9.6.0-alpha.53 Description Parse Server, an open source backend deployable on Node.js infrastructure, contains a flaw where an attacker possessing master key access can execu...

PT-2026-27482

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.57 Parse Server versions prior to 9.6.0-alpha.48 Description An authenticated user can modify server-generated session fields, such as expiresAt and createdWith, when updating their own session through the RE...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.55 and 9.6.0-alpha.44. These vulnerabilities stemmed from the possibility for attackers ...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.54 and 9.6.0-alpha.43. These vulnerabilities allowed attackers to infer changes in...

Parse Server LiveQuery subscription query depth bypass

Impact Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrade...

Uncontrolled Recursion

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion via the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

GHSA-6QH5-M6G3-XHQ6 Parse Server LiveQuery subscription query depth bypass

Impact Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrade...

@openinc/parse-server-opendash (>=4.0.0 <=4.0.4) potentially affected by CVE-2026-33508 via parse-server (>=9.6.0-alpha.37 <=9.6.0-alpha.43)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.4 Source cves: CVE-2026-33508 Source advisory: OSV:GHSA-6QH5-M6G3-XHQ6...