Vulnerabilities > Parseplatform > Parse Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-22 | CVE-2020-15126 | Incorrect Authorization vulnerability in Parseplatform Parse Server In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object. | 4.0 |
| 2020-03-04 | CVE-2020-5251 | Incorrect Authorization vulnerability in Parseplatform Parse-Server In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. | 5.0 |
| 2019-07-29 | CVE-2019-1020013 | Information Exposure Through an Error Message vulnerability in Parseplatform Parse-Server parse-server before 3.6.0 allows account enumeration. | 5.0 |
| 2019-07-29 | CVE-2019-1020012 | HTTP Request Smuggling vulnerability in Parseplatform Parse-Server parse-server before 3.4.1 allows DoS after any POST to a volatile class. | 5.0 |