GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Parse Server has a protected fields bypass via dot-notation in query and sort
High
CVE-2026-31872
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
Critical
CVE-2026-31871
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
Moderate
CVE-2026-31868
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL
Critical
CVE-2026-31856
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server has a rate limit bypass via batch request endpoint
Moderate
CVE-2026-30972
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server has role escalation and CLP bypass via direct `_Join` table write
Critical
CVE-2026-30966
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server missing audience validation in Keycloak authentication adapter
High
CVE-2026-30949
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload
High
CVE-2026-30948
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server has a bypass of class-level permissions in LiveQuery
High
CVE-2026-30947
was published
for
parse-server
(npm)
Mar 11, 2026
Parse Server: SQL injection via dot-notation field name in PostgreSQL
Critical
CVE-2026-31840
was published
for
parse-server
(npm)
Mar 10, 2026
ProTip!
Advisories are also available from the
GraphQL API