Publish Advisories

GHSA-2299-ghjr-6vjp
GHSA-2qvq-rjwj-gvw9
GHSA-2w6w-674q-4c4q
GHSA-3mfm-83xf-c92r
GHSA-8c4j-f57c-35cf
GHSA-g4cf-xj29-wqqr
GHSA-p2w6-rmh7-w8q3

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-2299-ghjr-6vjp/GHSA-2299-ghjr-6vjp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2299-ghjr-6vjp",
-  "modified": "2026-03-24T19:48:25Z",
+  "modified": "2026-03-27T21:54:30Z",
   "published": "2026-03-24T19:48:24Z",
   "aliases": [
     "CVE-2026-33624"
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2299-ghjr-6vjp"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33624"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/pull/10275"
@@ -67,6 +71,14 @@
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/pull/10276"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/commit/5e70094250a36bfcc14ecd49592be2b94fba66ff"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/commit/fc3da35a81d5083b453e8967cabcc880f1a3bd0c"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/parse-community/parse-server"
@@ -79,6 +91,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-24T19:48:24Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-24T19:16:55Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-2qvq-rjwj-gvw9/GHSA-2qvq-rjwj-gvw9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2qvq-rjwj-gvw9",
-  "modified": "2026-03-26T22:20:51Z",
+  "modified": "2026-03-27T21:52:02Z",
   "published": "2026-03-26T22:20:51Z",
   "aliases": [
     "CVE-2026-33916"
@@ -48,6 +48,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33916"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2"
@@ -69,6 +73,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-26T22:20:51Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-27T21:17:27Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-2w6w-674q-4c4q/GHSA-2w6w-674q-4c4q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2w6w-674q-4c4q",
-  "modified": "2026-03-27T18:19:58Z",
+  "modified": "2026-03-27T21:52:17Z",
   "published": "2026-03-27T18:19:58Z",
   "aliases": [
     "CVE-2026-33937"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33937"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2"
@@ -64,6 +68,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-27T18:19:58Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-27T21:17:27Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-3mfm-83xf-c92r/GHSA-3mfm-83xf-c92r.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3mfm-83xf-c92r",
-  "modified": "2026-03-27T18:20:44Z",
+  "modified": "2026-03-27T21:52:26Z",
   "published": "2026-03-27T18:20:44Z",
   "aliases": [
     "CVE-2026-33938"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33938"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2"
@@ -64,6 +68,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-27T18:20:44Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-27T21:17:27Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-8c4j-f57c-35cf/GHSA-8c4j-f57c-35cf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8c4j-f57c-35cf",
-  "modified": "2026-03-27T19:36:23Z",
+  "modified": "2026-03-27T21:52:39Z",
   "published": "2026-03-27T19:36:23Z",
   "aliases": [
     "CVE-2026-34046"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-8c4j-f57c-35cf"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34046"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/langflow-ai/langflow/pull/8956"
@@ -82,6 +86,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-27T19:36:23Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-27T21:17:27Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-g4cf-xj29-wqqr/GHSA-g4cf-xj29-wqqr.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g4cf-xj29-wqqr",
-  "modified": "2026-03-24T19:11:40Z",
+  "modified": "2026-03-27T21:53:45Z",
   "published": "2026-03-24T19:11:40Z",
   "aliases": [
     "CVE-2026-33538"
   ],
   "summary": "Parse Server: Denial of Service via unindexed database query for unconfigured auth providers",
-  "details": "### Impact\n\nAn unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured providers, each request triggers a full collection scan on the user database. This can be parallelized to saturate database resources.\n\n### Patches\n\nThe fix validates that an authentication provider is configured before executing any database query. Requests with unconfigured providers are now rejected immediately without querying the database.\n\n### Workarounds\n\nThere is no known workaround other than upgrading.\n\n### Resources\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-g4cf-xj29-wqqr\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/pull/10270\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/pull/10271",
+  "details": "### Impact\n\nAn unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured providers, each request triggers a full collection scan on the user database. This can be parallelized to saturate database resources.\n\n### Patches\n\nThe fix validates that an authentication provider is configured before executing any database query. Requests with unconfigured providers are now rejected immediately without querying the database.\n\n### Workarounds\n\nThere is no known workaround other than upgrading.",
   "severity": [
     {
       "type": "CVSS_V4",
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-g4cf-xj29-wqqr"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33538"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/pull/10270"
@@ -67,6 +71,14 @@
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/pull/10271"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/commit/40eb442e02672986730007d0a1edb22c1c4bd357"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/commit/fbac847499e57f243315c5fc7135be1d58bb8e54"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/parse-community/parse-server"
@@ -79,6 +91,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-24T19:11:40Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-24T19:16:54Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-p2w6-rmh7-w8q3/GHSA-p2w6-rmh7-w8q3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p2w6-rmh7-w8q3",
-  "modified": "2026-03-24T19:12:06Z",
+  "modified": "2026-03-27T21:54:05Z",
   "published": "2026-03-24T19:12:06Z",
   "aliases": [
     "CVE-2026-33539"
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-p2w6-rmh7-w8q3"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33539"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/pull/10272"
@@ -67,6 +71,14 @@
       "type": "WEB",
       "url": "https://github.com/parse-community/parse-server/pull/10273"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/commit/03249f9bf5b8783c8b848f84dab791ff0b761b8c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/commit/bdddab5f8b61a40cb8fc62dd895887bdd2f3838e"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/parse-community/parse-server"
@@ -79,6 +91,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-24T19:12:06Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-24T19:16:54Z"
   }
 }