Parseplatform Security Vulnerabilities (CVEs)
Track 17 security vulnerabilities affecting Parseplatform products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 lack CSRF protection on the AI Agent API endpoint. This allows attackers to craft malici...
Feb 25, 2026This vulnerability in Parse Dashboard's AI Agent API endpoint allows unauthenticated remote attackers to perform arbitrary read and write operations o...
Feb 25, 2026Parse Server's Instagram authentication adapter allows attackers to specify custom API URLs, enabling Server-Side Request Forgery (SSRF) attacks. This...
Dec 16, 2025Parse Server versions before 8.6.1 and 9.1.0-alpha.3 contain a reflected cross-site scripting (XSS) vulnerability in password reset and email verifica...
Dec 16, 2025This CVE describes a GitHub Actions workflow vulnerability in Parse Server that grants elevated permissions to CI/CD pipelines. It allows unauthorized...
Dec 12, 2025Parse Server versions before 6.5.9 and 7.3.0 with allowCustomObjectId enabled are vulnerable to privilege escalation. An attacker who can create new u...
Oct 4, 2024This SQL injection vulnerability in parse-server allows attackers to execute arbitrary SQL commands when the server is configured with PostgreSQL. It ...
Mar 1, 2024Parse Server crashes when processing file uploads without file extensions, causing denial of service. This affects all Parse Server deployments runnin...
Oct 25, 2023Parse Server deployments using the beforeFind Cloud Code trigger as a security layer are vulnerable to query manipulation bypass. This allows attacker...
Sep 4, 2023This vulnerability in Parse Server allows attackers to perform prototype pollution attacks that can lead to remote code execution through the MongoDB ...
Jun 28, 2023Parse Server versions before 5.4.1 incorrectly trust the x-forwarded-for header to determine client IP addresses when not behind a proxy. This allows ...
Feb 3, 2023Parse Server LiveQuery improperly exposes protected fields to clients, allowing unauthorized access to sensitive data. This affects all Parse Server d...
Jun 30, 2022Parse Server versions before 4.10.12 and 5.2.3 crash when processing certain invalid file requests, causing denial of service. This affects all Parse ...
Jun 27, 2022Parse Server's Apple Game Center authentication adapter had a certificate validation flaw that allowed attackers to bypass authentication by providing...
Jun 17, 2022This vulnerability allows attackers to bypass authentication in Parse Server's Apple Game Center adapter by exploiting improper URL validation of Appl...
May 4, 2022CVE-2022-24760 is a critical Remote Code Execution vulnerability in Parse Server caused by prototype pollution in DatabaseController.js. It allows att...
Mar 12, 2022Parse Server versions before 4.10.4 expose user session tokens in LiveQuery payloads when users subscribe to Parse.User class updates. This allows att...
Sep 30, 2021Why Monitor Parseplatform Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 17+ known vulnerabilities affecting Parseplatform products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Parseplatform packages in under 60 seconds. No agents required - completely agentless scanning that works across Parseplatform deployments.
Free vulnerability database: Access detailed information about every Parseplatform CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Parseplatform CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
