Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
Parse Server's GraphQL WebSocket endpoint bypasses security middleware Moderate
CVE-2026-32594 was published for parse-server (npm) Mar 13, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint Moderate
CVE-2026-32269 was published for parse-server (npm) Mar 13, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Parse Server: Account takeover via operator injection in authentication data identifier Critical
CVE-2026-32248 was published for parse-server (npm) Mar 12, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Parse Server's OAuth2 adapter shares mutable state across providers via singleton instance Critical
CVE-2026-32242 was published for parse-server (npm) Mar 12, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Parse Server has a SQL injection via query field name when using PostgreSQL Moderate
CVE-2026-32234 was published for parse-server (npm) Mar 12, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause Moderate
CVE-2026-32098 was published for parse-server (npm) Mar 12, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to user enumeration via email verification endpoint Moderate
CVE-2026-31901 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Parse Server's MFA recovery codes not consumed after use High
CVE-2026-31875 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Parse Server has a protected fields bypass via dot-notation in query and sort High
CVE-2026-31872 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL Critical
CVE-2026-31871 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types Moderate
CVE-2026-31868 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL Critical
CVE-2026-31856 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction Moderate
CVE-2026-31828 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes High
CVE-2026-31800 was published for parse-server (npm) Mar 11, 2026
theinfosecguy Credited to theinfosecguy and mtrezza mtrezza mtrezza
Parse Server has a rate limit bypass via batch request endpoint Moderate
CVE-2026-30972 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server OAuth2 authentication adapter account takeover via identity spoofing High
CVE-2026-30967 was published for parse-server (npm) Mar 11, 2026
theinfosecguy Credited to theinfosecguy and mtrezza mtrezza mtrezza
Parse Server has role escalation and CLP bypass via direct `_Join` table write Critical
CVE-2026-30966 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter Critical
CVE-2026-30965 was published for parse-server (npm) Mar 11, 2026
theinfosecguy Credited to theinfosecguy and mtrezza mtrezza mtrezza
Parse Server has a protected fields bypass via logical query operators High
CVE-2026-30962 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Parse Server missing audience validation in Keycloak authentication adapter High
CVE-2026-30949 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload High
CVE-2026-30948 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server has a bypass of class-level permissions in LiveQuery High
CVE-2026-30947 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API High
CVE-2026-30946 was published for parse-server (npm) Mar 11, 2026
mtrezza Credited to mtrezza
Parse Server has a NoSQL injection via token type in password reset and email verification endpoints High
CVE-2026-30941 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
Parse Server: SQL injection via dot-notation field name in PostgreSQL Critical
CVE-2026-31840 was published for parse-server (npm) Mar 10, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database