GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
9 advisories
parse-server: Malformed `$regex` query leaks database error details in API response
Moderate
CVE-2026-30835
was published
for
parse-server
(npm)
Mar 6, 2026
Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Moderate
CVE-2026-30848
was published
for
parse-server
(npm)
Mar 9, 2026
Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization
Moderate
CVE-2026-30850
was published
for
parse-server
(npm)
Mar 9, 2026
Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Moderate
CVE-2026-30854
was published
for
parse-server
(npm)
Mar 9, 2026
Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint
Moderate
CVE-2026-32269
was published
for
parse-server
(npm)
Mar 13, 2026
Parse Server's GraphQL WebSocket endpoint bypasses security middleware
Moderate
CVE-2026-32594
was published
for
parse-server
(npm)
Mar 13, 2026
Parse Server LiveQuery subscription with invalid regular expression crashes server
Moderate
CVE-2026-32770
was published
for
parse-server
(npm)
Mar 17, 2026
Parse Server affected by empty authData bypassing credential requirement on signup
Moderate
CVE-2026-33042
was published
for
parse-server
(npm)
Mar 17, 2026
Parse Server email verification resend page leaks user existence
Moderate
CVE-2026-33323
was published
for
parse-server
(npm)
Mar 19, 2026
ProTip!
Advisories are also available from the
GraphQL API