Parseplatform Parse-server — known CVE vulnerabilities
Every CVE whose affected-product data names Parseplatform Parse-server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (101)
CVE-2024-27298 — CVSS 10.0 (critical): parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the…
CVE-2026-30966 — CVSS 10.0 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20…
CVE-2022-24760 — CVSS 10.0 (critical): Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in…
CVE-2022-39396 — CVSS 9.8 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and…
CVE-2026-31871 — CVSS 9.8 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31…
CVE-2026-31856 — CVSS 9.8 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability…
CVE-2026-30863 — CVSS 9.8 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and…
CVE-2025-67727 — CVSS 9.8 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a…
CVE-2023-36475 — CVSS 9.8 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1…
CVE-2026-31840 — CVSS 9.8 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.2 and 8.6.28…
CVE-2026-32248 — CVSS 9.8 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38…
CVE-2026-31800 — CVSS 9.1 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25…
CVE-2026-27804 — CVSS 9.1 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and…
CVE-2026-34532 — CVSS 9.1 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and…
CVE-2026-30965 — CVSS 9.1 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.8 and 8.6.21…
CVE-2026-33409 — CVSS 9.1 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and…
CVE-2024-29027 — CVSS 9.0 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and…
CVE-2026-31828 — CVSS 8.8 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26…
CVE-2026-30967 — CVSS 8.8 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22…
CVE-2026-30949 — CVSS 8.8 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18…
CVE-2026-34373 — CVSS 8.8 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and…
CVE-2023-22474 — CVSS 8.7 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request…
CVE-2022-31083 — CVSS 8.6 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and…
CVE-2022-36079 — CVSS 8.6 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used…
CVE-2022-31112 — CVSS 8.2 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server…
CVE-2024-47183 — CVSS 8.1 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option…
CVE-2020-5251 — CVSS 7.7 (high): In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use…
CVE-2020-26288 — CVSS 7.7 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package…
CVE-2026-32728 — CVSS 7.6 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41…
CVE-2023-46119 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading…
CVE-2021-39187 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse…
CVE-2021-41109 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for…
CVE-2022-24901 — CVSS 7.5 (high): Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication…
CVE-2022-31089 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types…
CVE-2022-39313 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and…
CVE-2023-41058 — CVSS 7.5 (high): Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain…
CVE-2026-30925 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11…
CVE-2026-30939 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2…
CVE-2026-30941 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1…
CVE-2026-30946 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior 9.5.2-alpha.2 and 8.6.15, an…
CVE-2026-30947 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.3 and 8.6.16…
CVE-2026-30972 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23…
CVE-2026-31872 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32…
CVE-2026-32098 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35…
CVE-2026-32878 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44…
CVE-2026-32886 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47…
CVE-2026-32944 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45…
CVE-2026-33498 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and…
CVE-2026-33508 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and…
CVE-2026-33538 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and…
CVE-2026-34573 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and…
CVE-2026-34784 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and…
CVE-2026-32242 — CVSS 7.4 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.11 and 8.6.37…
CVE-2026-32594 — CVSS 7.3 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14…
CVE-2022-41878 — CVSS 7.2 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or…
CVE-2022-41879 — CVSS 7.2 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or…
CVE-2026-33539 — CVSS 7.2 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.59 and…
CVE-2026-29182 — CVSS 7.2 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.4 and…
CVE-2026-30229 — CVSS 7.2 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.6 and…
CVE-2026-33421 — CVSS 6.5 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and…
CVE-2026-34215 — CVSS 6.5 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and…
CVE-2025-68150 — CVSS 6.5 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and…
CVE-2026-33627 — CVSS 6.5 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.61 and…
CVE-2026-33163 — CVSS 6.5 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.35 and 8.6.50…
CVE-2026-30962 — CVSS 6.5 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19…
CVE-2026-32269 — CVSS 6.5 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39…
CVE-2023-32689 — CVSS 6.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1…
CVE-2026-31868 — CVSS 6.1 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30…
CVE-2025-68115 — CVSS 6.1 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and…
CVE-2026-43930 — CVSS 5.9 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2…
CVE-2026-31875 — CVSS 5.9 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33…
CVE-2026-32770 — CVSS 5.9 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43…
CVE-2026-30850 — CVSS 5.9 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and…
CVE-2026-35200 — CVSS 5.4 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4…
CVE-2026-34574 — CVSS 5.4 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and…
CVE-2026-30948 — CVSS 5.4 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.4 and 8.6.17…
CVE-2026-30835 — CVSS 5.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and…
CVE-2026-30938 — CVSS 5.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1…
CVE-2026-34363 — CVSS 5.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and…
CVE-2026-33042 — CVSS 5.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49…
CVE-2026-31901 — CVSS 5.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8…
CVE-2026-33323 — CVSS 5.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.51 and…
CVE-2026-33429 — CVSS 5.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and…
CVE-2026-30854 — CVSS 5.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to…
CVE-2026-30228 — CVSS 4.9 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and…
CVE-2021-39138 — CVSS 4.8 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to…
CVE-2026-32234 — CVSS 4.7 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36…
CVE-2026-34224 — CVSS 4.4 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and…
CVE-2026-33527 — CVSS 4.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and…
CVE-2020-15270 — CVSS 4.3 (medium): Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows…
CVE-2022-39225 — CVSS 4.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or…
CVE-2026-32742 — CVSS 4.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42…
CVE-2026-39381 — CVSS 4.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.7 and 8.6.75…
CVE-2026-34595 — CVSS 4.3 (medium): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.70 and…
CVE-2026-30848 — CVSS 3.7 (low): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and…
CVE-2026-39321 — CVSS 3.7 (low): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.6 and 8.6.74…
CVE-2022-39231 — CVSS 3.7 (low): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or…
CVE-2026-32943 — CVSS 3.1 (low): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.28 and 8.6.48…
CVE-2026-33624 — CVSS 2.7 (low): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and…