Open Source
Parse Server
Pull Requests

Overview Analytics Pull Requests

Pull Request Explorer

Exploring 8 PRs. Want this for your team? Start Free Trial

Title	Author	Size	AI	Cycle Time	Review	Merged
fix: Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v)	mtrezza	L	No	8.4h	-	Jun 01, 2026
Summary Bug Fix Fix XSS via trailing-dot filename bypass Removes a stored XSS vulnerability that allowed malicious files to bypass the extension blocklist, improving security for file uploads. Health Assessment Large High Low • Security fix completed in under 9 hours with no review, indicating high priority and efficient resolution. AI Details Tech Stack Languages: Javascript
fix: Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v)	mtrezza	L	AI	9.1h	0.2h	Jun 01, 2026
Summary Bug Fix Fix XSS via trailing-dot filename bypass Prevents stored XSS attacks by tightening file upload validation, ensuring secure handling of filenames. Health Assessment Large Medium Low • The PR was reviewed quickly and required minimal rework, indicating efficient handling of a critical security fix. AI Details Usage: AI Reviewed Category: Review AI Tools: CodeRabbit Confidence: 0.95 Tech Stack Languages: Javascript
fix: Server option routeAllowList is bypassable through batch sub-requests (GHSA-p84r-h6rx-f2xr)	mtrezza	M	No	5.9h	0.1h	May 27, 2026
Summary Bug Fix Fix routeAllowList bypass via batch sub-requests Prevents a security vulnerability that allowed bypassing server route restrictions through batch requests, ensuring stricter enforcement of routeAllowList. Health Assessment Small Low Low • Rapid review and minimal code changes indicate low complexity and high confidence in the security fix. AI Details Tech Stack Languages: Javascript
test: GraphQL endpoint is exempt from `routeAllowList` by design	mtrezza	M	No	7.0h	0.1h	May 26, 2026
Summary Chore Add tests for GraphQL routeAllowList exemption Adds unit tests and documentation confirming that the GraphQL endpoint is intentionally exempt from the routeAllowList security feature, ensuring clarity for developers. Health Assessment Small Low Low • Quick turnaround with minimal changes and fast review indicates low risk and straightforward implementation. AI Details Tech Stack Languages: Javascript
fix: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers (GHSA-8cph-rgr4-g5vj)	mtrezza	M	No	15.6h	-	May 18, 2026
Summary Bug Fix Fix GraphQL schema disclosure in validation suggestions Removes sensitive schema information from autocomplete suggestions for unauthenticated users, addressing a security vulnerability. Health Assessment Medium Medium Low • The PR was merged quickly with minimal changes, indicating a straightforward security fix with low review friction. AI Details Tech Stack Languages: Javascript
fix: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers (GHSA-8cph-rgr4-g5vj)	mtrezza	M	No	16.7h	0.1h	May 18, 2026
Summary Bug Fix Fix GraphQL validation disclosure to unauthenticated callers Removes schema disclosure in GraphQL validation suggestions, enhancing security for unauthenticated users. Health Assessment Small Low Low • Quick fix with minimal changes and fast review, indicating low complexity and high confidence in security patch. AI Details Confidence: 0.20 Tech Stack Languages: Javascript
fix: Pre-authentication denial of service via client version header regex backtracking (GHSA-38m6-82c8-4xfm)	mtrezza	L	No	2.1h	-	May 17, 2026
Summary Bug Fix Fix pre-auth denial of service via regex Patch a critical denial‑of‑service vulnerability that could be triggered before authentication, ensuring safer client version handling. Health Assessment Large High Low • Rapid resolution with minimal code churn; tests and docs added to confirm fix. AI Details Tech Stack Languages: Javascript
fix: Pre-authentication denial of service via client version header regex backtracking (GHSA-38m6-82c8-4xfm)	mtrezza	L	No	3.5h	0.1h	May 17, 2026
Summary Bug Fix Fix pre‑auth denial of service via regex Removes a vulnerability that could allow attackers to cause denial of service by sending crafted client version headers, improving security and reliability. Health Assessment Medium Low Low • Rapid review and minimal rework indicate a straightforward security fix; AI review helped streamline the process. AI Details Usage: AI Reviewed Category: Review AI Tools: CodeRabbit Confidence: 0.95 Tech Stack Languages: Javascript

Get this analytics stack for your team

Connect GitHub and see cycle time, review bottlenecks, PR flow, and trend changes in minutes.