-
-
Notifications
You must be signed in to change notification settings - Fork 4.8k
Security: parse-community/parse-server
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Server option `masterKeyIps` vulnerability to IP spoofingGHSA-vm5r-c87r-pf6x published
Jan 31, 2023 by mtrezzaHigh -
Server crashes when receiving file download request with invalid byte rangeGHSA-h423-w6qv-2wj3 published
Oct 15, 2022 by mtrezzaHigh -
Phishing attack vulnerability by uploading malicious HTML fileGHSA-9prm-jqwx-45x9 published
May 30, 2023 by mtrezzaModerate -
Invalid file request can crash serverGHSA-xw6g-jjvf-wwf9 published
Jun 17, 2022 by mtrezzaHigh -
Authentication bypass vulnerability in Apple Game Center auth adapterGHSA-rh9j-f5f8-rvgc published
Jun 17, 2022 by mtrezzaCritical -
Protected fields exposed via LiveQueryGHSA-crrq-vr9j-fxxh published
Jun 30, 2022 by mtrezzaHigh -
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapterGHSA-qf8x-vqjv-92gr published
May 1, 2022 by mtrezzaCritical -
Brute force guessing of user sensitive data via search patternsGHSA-2m6g-crv8-p3c6 published
Sep 2, 2022 by mtrezzaHigh -
Command injection via prototype pollutionGHSA-p6h4-93qp-jhcm published
Mar 11, 2022 by mtrezzaCritical -
Auth adapter app ID validation may be circumventedGHSA-r657-33vp-gp22 published
Sep 20, 2022 by mtrezzaLow