6854 matches found
CVE-2026-34363
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects...
CVE-2026-34532
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...
OPENSUSE-SU-2026:20459-1 Security update for perl-XML-Parser
This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34595 via parse-server (>=9.6.0-alpha.37 <=9.6.1)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34595 Source advisory: OSV:GHSA-MMG8-87C5-JRC2...
EUVD-2026-17504
Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-34595 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-34595 Source advisory: OSV:GHSA-MMG8-87C5-JRC2...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the LiveQuery subscription process when an authenticated use...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34595 via parse-server (>=9.6.0-alpha.37 <=9.6.1)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34595 Source advisory: SNYK:JS-PARSESERVER-15864450...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34574 via parse-server (>=9.6.0-alpha.37 <=9.6.1)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34574 Source advisory: OSV:GHSA-F6J3-W9V3-CQ22...
EUVD-2026-17502
Parse Server has a session field immutability bypass via falsy-value guard...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-34574 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-34574 Source advisory: OSV:GHSA-F6J3-W9V3-CQ22...
Incorrect Comparison
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Comparison via the session update process. An attacker can extend the validity of a session indefinitely by sendin...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34574 via parse-server (>=9.6.0-alpha.37 <=9.6.1)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34574 Source advisory: SNYK:JS-PARSESERVER-15864482...
parse-server has GraphQL complexity validator exponential fragment traversal DoS
Impact The GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads. A single unauthenticated request can block the Node.js event loop for seconds, denying service to all concurrent users. This only affects...
Inefficient Algorithmic Complexity
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the GraphQL query complexity validation process. An attacker can cause the Node.js eve...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-34573 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-34573 Source advisory: OSV:GHSA-MFJ6-6P54-M98C...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34573 via parse-server (>=9.6.0-alpha.37 <=9.6.1)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34573 Source advisory: OSV:GHSA-MFJ6-6P54-M98C...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34573 via parse-server (>=9.6.0-alpha.37 <=9.6.1)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34573 Source advisory: SNYK:JS-PARSESERVER-15864422...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34532 via parse-server (>=9.6.0-alpha.37 <=9.6.1)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34532 Source advisory: SNYK:JS-PARSESERVER-15864382...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-34532 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-34532 Source advisory: OSV:GHSA-VPJ2-QQ7W-5QQ6...