OSV - Open Source Vulnerabilities

BIT-parse-2026-30863

Bitnami/parse

Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

6 hours ago

Fix available
Severity - 9.3 (Critical)

BIT-parse-2026-30854

Bitnami/parse

Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled

6 hours ago

Fix available
Severity - 6.9 (Medium)

BIT-parse-2026-30850

Bitnami/parse

Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization

6 hours ago

Fix available
Severity - 6.3 (Medium)

BIT-parse-2026-30848

Bitnami/parse

Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory

6 hours ago

Fix available
Severity - 6.3 (Medium)

BIT-parse-2026-30835

Bitnami/parse

Parse Server: Malformed `$regex` query leaks database error details in API response

6 hours ago

Fix available
Severity - 6.9 (Medium)

BIT-parse-2026-30229

Bitnami/parse

Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user

6 hours ago

Fix available
Severity - 8.5 (High)

BIT-parse-2026-30228

Bitnami/parse

Parse Server: File creation and deletion bypasses `readOnlyMasterKey` write restriction

6 hours ago

Fix available
Severity - 6.9 (Medium)

BIT-parse-2026-29182

Bitnami/parse

Parse Server: Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction

6 hours ago

Fix available
Severity - 8.6 (High)

BIT-zookeeper-2026-24308

Bitnami/zookeeper

Apache ZooKeeper: Sensitive information disclosure in client configuration handling

yesterday

Fix available
Severity - 7.5 (High)

BIT-zookeeper-2026-24281

Bitnami/zookeeper

Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

yesterday

Fix available
Severity - 7.4 (High)

BIT-mysql-client-2026-3494

Bitnami/mysql-client

MariaDB Server Audit Plugin Comment Handling Bypass

yesterday

Fix available
Severity - 5.3 (Medium)

BIT-mariadb-min-2026-3494

Bitnami/mariadb-min

MariaDB Server Audit Plugin Comment Handling Bypass

yesterday

Fix available
Severity - 5.3 (Medium)

BIT-mariadb-2026-3494

Bitnami/mariadb

MariaDB Server Audit Plugin Comment Handling Bypass

yesterday

Fix available
Severity - 5.3 (Medium)

BIT-golang-2026-27142

Bitnami/golang

URLs in meta content attribute actions are not escaped in html/template

yesterday

Fix available
Severity - 7.5 (High)

BIT-golang-2026-27139

Bitnami/golang

FileInfo can escape from a Root in os

yesterday

Fix available
Severity - 2.5 (Low)

BIT-golang-2026-27138

Bitnami/golang

Panic in name constraint checking for malformed certificates in crypto/x509

yesterday

Fix available
Severity - 5.9 (Medium)